
Collection #1 hack was bad enough, what about Collection #2-5? (Includes interview)

Collection #1 was bad enough, and on top of this come Collections #2 to #5.

Collection #1 refers to a massive trove of leaked data, recently posted to a hacking forum. The breach included some 772,904,991 unique email addresses together with 21,222,975 unique passwords.


There are almost three times as many personal records in Collections #2 to 5 as there were in Collection #1. These amount to, in total, around 845 gigabytes of data and in excess of 25 billion personal records.


To discover more about these latest data breaches, Frederik Mennes, Senior Manager Market at OneSpan, together with Steven Murdoch, provides commentary to Digital Journal.

Outlining the implications of Collections #2 to #5, Mennes says: “Over two billion unique records is a staggering number. We are becoming accustomed to breach notification news, but sad to say, the use of multi-factor authentication is still not utilized whenever and wherever possible.”

This means that businesses need to take such data breaches more seriously. Here Mennes tells us: “Companies should remember that easy targets will continue to be exploited first…because cyber-crime follows the path of least resistance. Technology is evolving, and next-generation authentication, intelligent adaptive authentication, is gaining momentum.”

In terms of what this means, Mennes goes on to explain: “This technology utilizes artificial intelligence and machine learning to score vast amounts of data, and based on patterns, analyses the risk of a situation and adapts the security and required authentication accordingly.”

Pitching in, Steven Murdoch, who is the Chief Security Architect at OneSpan, addresses a common area of business cyber security weakness — passwords: “This password leak shows that large quantities of stolen passwords are readily available to anyone, regardless of how low their budget. However, data from recent breaches will be considerably more expensive to obtain.”

Murdoch also addresses where businesses should be diverting their focus: “Companies should recognize the limitations of password authentication and are in the best position to mitigate the weaknesses. They should implement additional measures, such as detection of suspicious behavior.”

As an example he highlights: “Two-factor authentication, or even better, FIDO/U2F, should be offered to customers. Customers can also help by not re-using passwords across multiple sites and using a password manager if needed.” Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication (2FA).

As for where to go for advice, U2F provides a mechanism for businesses to utilize. According to Murdoch, this offers: “Instructions on how to enable two-factor authentication on many popular sites, as enabling 2FA, and preferably FIDO/U2F, will significantly help to improve their security.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
