Endpoint

11/25/2014
12:20 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

6 Million+ Email Accounts Worldwide Exposed In Past 3 Months

Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.

More fallout from the epidemic of data breaches that occurred in 2014: More than 6 million email accounts and credentials from around the globe have been leaked in the past three months, according to a new study.

Putting that into perspective, the researchers who gathered that data from the cybercrime market say they typically see around 150,000 such pilfered accounts per month. "This explosion can only be connected to the high number of data breaches that occurred in 2014," Heimdal Security said in a blog post warning of the surge in stolen email account credentials.

The Danish security firm warns that the 6 million exposed email accounts represent just a snapshot of the compromised accounts, however.

"As a security company we only pick up a smaller part of what hackers actually have access to, and you have to remember that the 6 million accounts have only been discovered over the last three months. The actual number could be 20 times as high or more," says Morten Kjaersgaard, CEO of Heimdal Security. 

[This year's wave of cyber attacks was more dramatic in its widespread scope and seemingly constant battering of more than a dozen big-box chains. Check out our slideshow recapping them: The Year Of The Retailer Data Breach.]

Kjaersgaard told Dark Reading that the stolen email account information floating around the cyber underground either has already been or could be used by the bad guys to compromise businesses and individuals.

2014 indeed has been a watershed year for data breaches, mainly due to the wave of big-box retailers that were hacked for customer payment card information.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/1/2014 | 8:13:40 AM
Re: Just Another Day At the Office
It also doesn't surprise me that email is & will likely continuesto be a major target. It's such a ubiquitous application with a broad range of users (everyone?)...Like shooting phish in a barrel. (Pun intentded)
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
11/30/2014 | 9:07:30 PM
Re: Just Another Day At the Office
I'm not a betting person, but I'll bet there will be other such waves next year. 
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
11/28/2014 | 1:55:12 PM
Just Another Day At the Office

"....They typically see around 150,000 such pilfered accounts per month. "This explosion can only be connected to the high number of data breaches that occurred in 2014. " 

 

Already an unbelievable number - I wonder what it be after the 2015 ?    If projections hold steady, 300,000 ? 

Technocrati
50%
50%
Technocrati,
User Rank: Ninja
11/28/2014 | 1:47:20 PM
Breeches: Too Many To Count

There have been so many security breeches of late that is getting difficult to keep up with them.  I have to ask myself, what is going on ?   There has to be a major flaw that hackers are exploiting and security personnel have yet to correct.   Always seems as if security is one to five steps behind the hacker.   

 

It might be time for companies to re-examine their security practices and policies - improvements must be made.

Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff 3/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Reading Schneier's Friday Squid Blog again?
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.