Electronic news service of the Ministry of Communications and Information Technologies
Passwords and details of 5m big company employees leaked
Personal details of 5.5m employees from the world’s 1,000 biggest public companies have been discovered online by a British cyber security firm that searched through data compromised by recent breaches of popular websites.
Digital Shadows found details including corporate email addresses and passwords from 97 per cent of the 1,000 companies. It did not name the individual companies concerned.
The UK firm trawled through data leaked from popular services such as LinkedIn, Dropbox and MySpace, looking for users who had signed up using their work email accounts. Many of them had reused their work passwords.
Nearly 300,000 people’s details had been stolen from dating websites, including Ashley Madison and Adult Friend Finder; Ashley Madison alone yielded corporate emails and passwords of more than 200,000 people working for big companies.
The cost of a single data breach can be enormous — an IBM study found that the average total cost to a company is $4m. High-profile victim TalkTalk lost 101,000 customers, spent £60m and faced a parliamentary inquiry. Last year, data breaches cost British businesses about £34bn.
Much of the data uncovered by Digital Shadows had not been previously leaked — 90 per cent of the 5.5m usernames and passwords were newly available online.
“We were analysing leaks going back to 2012, so I thought we would see a lot of duplicates, but only 10 per cent of credentials had been in previous leaks,” said Rick Holland, vice-president for strategy at Digital Shadows. “Whenever a breach becomes public, the first thing our clients ask is: ‘Are these details new or repackaged?’ So this is bad news.”
Studies have found that more than 60 per cent of people reuse passwords, and compromised credentials can also be used for phishing attacks and extortion attempts.
Combining stolen information can allow cyber criminals to piece together comprehensive user identities, cyber security experts said.
“One frightening example is the ‘Facebook of Everything’ that China’s intelligence service is compiling from the personal data stolen over several high-profile US cyber breaches,” said Robert Capps, vice-president of business development at NuData Security. “Their stated goal is to compile it into a massive Facebook-like network to build a profile of everyone, with more details than Facebook.”
Cyber security consultants advise companies to require employees to change passwords every eight weeks and use additional security, such as requiring authentication through a mobile phone, for new sign-ons. “Rolling out multi-factor authentication is really important to minimise that risk,” Mr Holland said.
23/09/16