The discovery of in excess of 2.7 billion email addresses in an open, unprotected online database represents one of the biggest data breaches on record. Additionally, more than a billion of those records also contained a plain-text password associated with the email address.
Most of the emails were from Chinese domains including qq.com, 139.com, 126.com, gfan.com, and game.sohu.com. Those domains belong to some of China’s biggest internet companies, such as Tencent, Sina, Sohu, and NetEase. Several email addresses had Yahoo and Gmail domains, as well as some Russian ones like rambler.ru and mail.ru.
Upon verification, the researchers concluded that all the emails with passwords originated from the so-called “Big Asian Leak,” first uncovered by HackRead.
To understand the implications of the data breach, Digital Journal caught up with Alexander García-Tobar, CEO and co-founder, Valimail.
According to García-Tobar: “The exposure of 2.7 billion email addresses and one billion passwords means it’s even easier for cybercriminals to take over the compromised email accounts.”
He notes that these types of data breaches are becoming relatively easy: "It's worth noting that account takeover isn’t necessary for these fraudsters to launch targeted phishing campaigns and orchestrate sophisticated business email compromise (BEC) scams. In fact, cybercriminals can impersonate the identity of a trusted business partner or coworker without having access to their account, and any exposed database of known email addresses will only give these criminals more identities to spoof."
In terms of what businesses should be considering, García-Tobar notes: "In the wake of a leak like this, individuals and enterprises alike need to be extra vigilant for phishing attacks that may impersonate people or brands they trust. In order to thwart spoofing and phishing from untrusted domains and accounts, organizations need to employ solutions that can validate the sender identity of all inbound emails."
García-Tobar also recommends using more sophisticated encryption methods: “Additionally, they should also implement multi-factor authentication, ensure that their own domains are locked down with Domain-based Message Authentication, Reporting & Conformance (DMARC) at enforcement, and deploy BIMI on their authenticated domains.”