Email
Password
Remember meForgot password?
    Log in with Twitter

article imageBillions of email addresses exposed online Special

Listen | Print
By Tim Sandle     Dec 14, 2019 in Technology
Comparitech researchers in collaboration with security research Bob Diachenko found more than 2.7 billion email addresses in an open, unprotected online database. Looks into the issue.
The discover of in excess of 2.7 billion email addresses located in an open, unprotected online database represents one of the biggest data breaches on record. Additionally, more than a billion email passwords billion of those records also contained a plain-text password associated with the email address.
Most of the emails were from Chinese domains including qq.com, 139.com, 126.com, gfan.com, and game.sohu.com. Those domains belong to some of China’s biggest internet companies, such asTencent, Sina, Sohu, and NetEase. Several email addresses had Yahoo and Gmail domains, as well as some Russian ones like rambler.ru and mail.ru.
Upon verification, the researchers concluded that all the emails with passwords originated from the so-called “Big Asian Leak,” first uncovered by HackRead.
To understand the implication of the data breach, Digital Journal caught up with Alexander García-Tobar, CEO and co-founder, Valimail.
According to García-Tobar: “The exposure of 2.7 billion email addresses and one billion passwords means it’s even easier for cybercriminals to take over the compromised email accounts."
He notes that these types of data breaches are becoming relatively easy: "It's worth noting that account takeover isn’t necessary for these fraudsters to launch targeted phishing campaigns and orchestrate sophisticated business email compromise (BEC) scams. In fact, cybercriminals can impersonate the identity of a trusted business partner or coworker without having access to their account, and any exposed database of known email addresses will only give these criminals more identities to spoof."
In terms of what businesses should be considering, García-Tobar notes: "In the wake of a leak like this, individuals and enterprises alike need to be extra vigilant for phishing attacks that may impersonate people or brands they trust. In order to thwart spoofing and phishing from untrusted domains and accounts, organizations need to employ solutions that can validate the sender identity of all inbound emails."
García-Tobar also recommends using more sophisticated encryption methods: "Additionally, they should also implement multi-factor authentication, ensure that their own domains are locked down with Domain-based Message Authentication, Reporting & Conformance (DMARC) at enforcement, and deploy BIMI on their authenticated domains.”
More about Data breach, Email, Passwords
More news from
Latest News
Top News
Review: Jordi Vilasuso stuns in the breast cancer storyline on the Y&R Special
Q&A: Windows 7 is dead: What small businesses need to do Special
Confusion as WHO corrects China virus global risk level
Confusion as WHO corrects China virus global risk level
Op-Ed: Songwriters Hall of Fame snubs songwriting duo of The Monkees
Malaysia imposes ban on Chinese tourists from Wuhan
China virus sends shockwaves through Asia tourist industry
Beijing reports capital's first death from coronavirus
A rocket hits US embassy dining hall in Baghdad
Iraq protesters rebuild torched camps as rocket attack sparks fears