Yesterday a cybersecurity firm reported that 360 million newly stolen credentials were available for sale on the deep web. The breach reportedly includes one attack that alone yielded 105 million records. Taken as a whole, that would make this aggregate compromise the largest breach of credentials to date, eclipsing the Adobe and Target breaches both in size and level of exposure.
Whether this latest report is a re-hash of what we already know–that somewhere between 800 million and more than a billion credentials have been involved in breaches–doesn’t really matter. Either way, we’ve reached “China Syndrome”. If the magnitude of the danger posed by all the breaches out there were to be graded on the Richter Scale, it would be somewhere in the range of an 9.5 earthquake.
What does it mean for you? What it’s always meant. Change every password you’ve ever had and currently use. And do it regularly.
The latest reports confirm something we’ve known all along: corporate breach and individual compromise is inevitable. It also represents yet another epic fail on the part of the business community, and another victory for hackers.
All the while our federal government issues “guidelines” and asks for cooperation from a business sector that either doesn’t get it, can’t fathom the magnitude of the danger or doesn’t wish to get it. If you own a business, it’s way past midnight. It’s to take this threat seriously.