Endpoint

11/25/2014
12:20 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

6 Million+ Email Accounts Worldwide Exposed In Past 3 Months

Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.

More fallout from the epidemic of data breaches that occurred in 2014: More than 6 million email accounts and credentials from around the globe have been leaked in the past three months, according to a new study.

Putting that into perspective, the researchers who gathered that data from the cybercrime market say they typically see around 150,000 such pilfered accounts per month. "This explosion can only be connected to the high number of data breaches that occurred in 2014," Heimdal Security said in a blog post warning of the surge in stolen email account credentials.

The Danish security firm warns that the 6 million exposed email accounts represent just a snapshot of the compromised accounts, however.

"As a security company we only pick up a smaller part of what hackers actually have access to, and you have to remember that the 6 million accounts have only been discovered over the last three months. The actual number could be 20 times as high or more," says Morten Kjaersgaard, CEO of Heimdal Security. 

[This year's wave of cyber attacks was more dramatic in its widespread scope and seemingly constant battering of more than a dozen big-box chains. Check out our slideshow recapping them: The Year Of The Retailer Data Breach.]

Kjaersgaard told Dark Reading that the stolen email account information floating around the cyber underground either has already been or could be used by the bad guys to compromise businesses and individuals.

2014 indeed has been a watershed year for data breaches, mainly due to the wave of big-box retailers that were hacked for customer payment card information.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/1/2014 | 8:13:40 AM
Re: Just Another Day At the Office
It also doesn't surprise me that email is & will likely continuesto be a major target. It's such a ubiquitous application with a broad range of users (everyone?)...Like shooting phish in a barrel. (Pun intentded)
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
11/30/2014 | 9:07:30 PM
Re: Just Another Day At the Office
I'm not a betting person, but I'll bet there will be other such waves next year. 
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
11/28/2014 | 1:55:12 PM
Just Another Day At the Office

"....They typically see around 150,000 such pilfered accounts per month. "This explosion can only be connected to the high number of data breaches that occurred in 2014. " 

 

Already an unbelievable number - I wonder what it be after the 2015 ?    If projections hold steady, 300,000 ? 

Technocrati
50%
50%
Technocrati,
User Rank: Ninja
11/28/2014 | 1:47:20 PM
Breeches: Too Many To Count

There have been so many security breeches of late that is getting difficult to keep up with them.  I have to ask myself, what is going on ?   There has to be a major flaw that hackers are exploiting and security personnel have yet to correct.   Always seems as if security is one to five steps behind the hacker.   

 

It might be time for companies to re-examine their security practices and policies - improvements must be made.

What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2638
PUBLISHED: 2018-07-16
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
CVE-2017-7468
PUBLISHED: 2018-07-16
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was...
CVE-2018-13387
PUBLISHED: 2018-07-16
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or ...
CVE-2018-14071
PUBLISHED: 2018-07-16
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
CVE-2018-5229
PUBLISHED: 2018-07-16
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.