BreachExchange mailing list archives
Data Breaches Lead To Over 1 Billion Records Exposed In The First Half of 2016
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 31 Aug 2016 11:39:59 -0500
https://www.riskbasedsecurity.com/2016/08/data-breaches-lead-to-over-1-billion-records-exposed-in-the-first-half-of-2016/

Risk Based Security and RPS Executive Lines are pleased to announce the release of the latest installment of the Data Breach QuickView Report. The MidYear 2016 Report shows that, while the number of data breaches for the year is down approximately 17% compared to the same time last year, the number of records compromised is off the charts, with over 1.1 billion – *yes billion* – records exposed in the first six months of 2016. With another 6 months still to go, this year is already the worst year on record for the amount of sensitive information compromised.

[image: Get Copy Of The Mid Year 2016] <https://pages.riskbasedsecurity.com/2016-midyear-data-breach-year-in-review>

Looking at the numbers, we can’t help but ask “How did this happen?!?” A deeper examination of the breaches behind the numbers reveals several interesting trends including:

- Attackers continue to have success using tried and true techniques
- Misconfigured databases continue to serve up large amounts of data
- Reusing log-in credentials across multiple sites can have cascading effects across many organizations

The first few months of the year proved just how successful tried and true attack methods can be. Whether it’s called Business Email Compromise, CEO fraud, spoofing or spear phishing, a wave of well-crafted and well-targeted fraudulent emails asking for sensitive information has produced exceptional results. Approximately 150 organizations in the U.S. reported giving up confidential information to fraudsters when unsuspecting employees responded to requests for information. The bulk of the attacks targeted W-2 data – including employee names, addresses, Social Security numbers and wage details – and occurred early in the year just ahead of the tax filing deadline. Although the frequency of disclosures has abated since the spring, incidents continue to be reported, with companies like Gamesa Wind <http://ago.vermont.gov/assets/files/Consumer/Security_Breach/Games%20Wind%20SBN%20to%20Consumers.pdf> and Krispy Kreme Doughnuts <http://www.journalnow.com/business/business_news/local/krispy-kreme-deals-with-phishing-incident/article_d623a87c-80c5-50c3-a4f2-cf5107102ec7.html> disclosing incidents as late in the quarter as June 27th.

The problem of open, unprotected databases, which we have reported <https://www.riskbasedsecurity.com/2016/07/redis-over-6000-installations-compromised/> on previously <https://www.riskbasedsecurity.com/2016/07/thomson-reuters-world-check-terrorist-database-open-for-the-world-to-view/>, may be as old a problem as phishing for data. But unlike their phishing-victim counterparts, the number of organizations reported to be leaking sensitive data in the first half of the year was well under 150. However, where each phishing attack averaged 2,432 records lost per breach, unsecured databases tended to serve up more significant amounts of information.

One of the largest unsecured database breaches to come to light this year impacted 93.4 million Mexican citizens, when MacKeeper security researcher Chris Vickery discovered a misconfigured MongoDB hosted on AWS <https://mackeeper.com/blog/post/217-breaking-massive-data-breach-of-mexican-voter-data> servers located in the United States. The leak exposed voter details beyond name and address, including dates of birth, occupation and some national identification numbers. Unfortunately, Mexico was not alone this year when it comes to open voter databases. A client of a data services company, L2 <http://www.l2political.com/>, had their own experience with an exposed database, this time impacting 154 million U.S. voters. The CouchDB database belonging to the unnamed client was apparently left open after hackers took down the firewall protecting the database <http://www.dailydot.com/layer8/154-million-voter-files-exposed-l2/>. It remains unknown whether the data was taken or merely left open and unprotected. Either way, 247 million identities were put at risk by just two incidents.

It has long been known that username and password leaks at one organization can lead to hijacked accounts at a different company. Like phishing and poorly protected databases, using stolen credentials to gain access to valuable information is nothing new. Also like phishing and leaky databases, the first half of the year has seen the problem reach new heights. Mega credential breaches like the ones at MySpace, iMesh, Tumblr, and the 100 million plus additional credentials from the 2012 LinkedIn breach led to very real consequences for the likes of TeamViewer <http://arstechnica.com/security/2016/06/teamviewer-says-theres-no-evidence-of-2fa-bypass-in-mass-account-hack/>, Carbonite <https://www.carbonite.com/en/cloud-backup/business/resources/carbonite-blog/carbonite-password-attack/> and GoToMyPC <http://status.gotomypc.com/incidents/s2k8h1xhzn4k>. Each of these organizations was hit with “password re-use attacks”, compromising an unknown number of user accounts. While official statements and spokespersons were quick to point out their own security was not breached, that fact is little comfort to those that had their accounts accessed. Likewise, the incidents also triggered large-scale password reset procedures, keeping security teams and administrators alike occupied with the response effort.

The research from the QuickView Report suggests that the old epigram “the more things change, the more they stay the same” continues to ring true when it comes to data breaches. Attackers continue to rely on current successful strategies, even when those strategies are as simple as a well-crafted phishing email or preying on the habit of recycling comfortable, easy-to-remember passwords. Likewise, we do ourselves few favors when we fail to take reasonable and necessary steps to protect our most valuable information assets.