Endpoint

11/25/2014
12:20 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

6 Million+ Email Accounts Worldwide Exposed In Past 3 Months

Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.

More fallout from the epidemic of data breaches that occurred in 2014: More than 6 million email accounts and credentials from around the globe have been leaked in the past three months, according to a new study.

Putting that into perspective, the researchers who gathered that data from the cybercrime market say they typically see around 150,000 such pilfered accounts per month. "This explosion can only be connected to the high number of data breaches that occurred in 2014," Heimdal Security said in a blog post warning of the surge in stolen email account credentials.

The Danish security firm warns that the 6 million exposed email accounts represent just a snapshot of the compromised accounts, however.

"As a security company we only pick up a smaller part of what hackers actually have access to, and you have to remember that the 6 million accounts have only been discovered over the last three months. The actual number could be 20 times as high or more," says Morten Kjaersgaard, CEO of Heimdal Security. 

[This year's wave of cyber attacks was more dramatic in its widespread scope and seemingly constant battering of more than a dozen big-box chains. Check out our slideshow recapping them: The Year Of The Retailer Data Breach.]

Kjaersgaard told Dark Reading that the stolen email account information floating around the cyber underground either has already been or could be used by the bad guys to compromise businesses and individuals.

2014 indeed has been a watershed year for data breaches, mainly due to the wave of big-box retailers that were hacked for customer payment card information.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/1/2014 | 8:13:40 AM
Re: Just Another Day At the Office
It also doesn't surprise me that email is & will likely continuesto be a major target. It's such a ubiquitous application with a broad range of users (everyone?)...Like shooting phish in a barrel. (Pun intentded)
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
11/30/2014 | 9:07:30 PM
Re: Just Another Day At the Office
I'm not a betting person, but I'll bet there will be other such waves next year. 
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
11/28/2014 | 1:55:12 PM
Just Another Day At the Office

"....They typically see around 150,000 such pilfered accounts per month. "This explosion can only be connected to the high number of data breaches that occurred in 2014. " 

 

Already an unbelievable number - I wonder what it be after the 2015 ?    If projections hold steady, 300,000 ? 

Technocrati
50%
50%
Technocrati,
User Rank: Ninja
11/28/2014 | 1:47:20 PM
Breeches: Too Many To Count

There have been so many security breeches of late that is getting difficult to keep up with them.  I have to ask myself, what is going on ?   There has to be a major flaw that hackers are exploiting and security personnel have yet to correct.   Always seems as if security is one to five steps behind the hacker.   

 

It might be time for companies to re-examine their security practices and policies - improvements must be made.

6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.