Billions of email addresses exposed online

By Tim Sandle     Dec 14, 2019 in Technology
Comparitech researchers in collaboration with security researcher Bob Diachenko found more than 2.7 billion email addresses in an open, unprotected online database. Looks into the issue.
The discovery of more than 2.7 billion email addresses in an open, unprotected online database represents one of the biggest data breaches on record. Additionally, more than a billion of those records also contained a plain-text password associated with the email address.
Most of the emails were from Chinese domains including qq.com, 139.com, 126.com, gfan.com, and game.sohu.com. Those domains belong to some of China’s biggest internet companies, such as Tencent, Sina, Sohu, and NetEase. Several email addresses had Yahoo and Gmail domains, as well as some Russian ones like rambler.ru and mail.ru.
Upon verification, the researchers concluded that all the emails with passwords originated from the so-called “Big Asian Leak,” first uncovered by HackRead.
To understand the implication of the data breach, Digital Journal caught up with Alexander García-Tobar, CEO and co-founder, Valimail.
According to García-Tobar: "The exposure of 2.7 billion email addresses and one billion passwords means it’s even easier for cybercriminals to take over the compromised email accounts."
He notes that these types of data breaches are becoming relatively easy: "It's worth noting that account takeover isn’t necessary for these fraudsters to launch targeted phishing campaigns and orchestrate sophisticated business email compromise (BEC) scams. In fact, cybercriminals can impersonate the identity of a trusted business partner or coworker without having access to their account, and any exposed database of known email addresses will only give these criminals more identities to spoof."
In terms of what businesses should be considering, García-Tobar notes: "In the wake of a leak like this, individuals and enterprises alike need to be extra vigilant for phishing attacks that may impersonate people or brands they trust. In order to thwart spoofing and phishing from untrusted domains and accounts, organizations need to employ solutions that can validate the sender identity of all inbound emails."
García-Tobar also recommends stronger authentication controls: "Additionally, they should also implement multi-factor authentication, ensure that their own domains are locked down with Domain-based Message Authentication, Reporting & Conformance (DMARC) at enforcement, and deploy BIMI on their authenticated domains."