- The recent 16 billion record breach may not be as bad as it sounds
- The datasets most likely contain previously leaked information
- Nevertheless, those affected could still be at risk, so be on your guard
Following the recent reports of over 16 billion records being leaked in an ‘unimaginable’ major data breach, further research has claimed the reality of the incident might not be as disastrous as first thought.
Following significant speculation about the effects and origins of the breach, new findings from BleepingComputer suggest this “breach” may not be new, or even a breach – but instead just a compilation of existing leaked credentials.
The initial datasets discovered by the researchers included hoards of personal information, with each of the 30 datasets containing between tens of millions and over 3.5 billion data points – totaling 16 billion records. It now looks likely this was a series of datasets simply containing breached credentials assembled by a cybersecurity firm (or by criminals) which was then exposed online.
Infostealers to blame
“Despite the buzz, there’s no evidence this compilation contains new or previously unseen data,” BleepingComputer confirms.
The information from these datasets has likely been circulating for a while, and the layout of the breached information suggests that it was collected using infostealers – a type of malware that has become one of the most prolific threats to security teams and internet users alike.
The formatting of these datasets points the finger firmly at infostealers: credentials appear one per line (URL:username:password), all compiled in one ‘log’.
One attack from an infostealer can exfiltrate all of the credentials stored on a browser, and the logs are then uploaded and usually sold on the dark web.
Criminals will often upload samples of their stolen data as a ‘taster’ to prove the information is legitimate.
Since these breaches can sometimes contain billions of records, these samples frequently hold tens of thousands of credentials – and this data breach is most likely a compilation of these tasters.
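For security teams checking whether their own domains appear in such a compilation, the sketch below parses the URL:username:password layout described above and reports matching entries without copying the passwords. It is an added example, not code from BleepingComputer or the researchers; the sample lines, the function names and the monitored domain are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in the URL:username:password layout (not real data).
SAMPLE_LOG = """\
https://mail.example.com/login:alice@example.com:Winter2024!
https://vpn.example.com:8443/portal:bob:pa:ss:word
android://com.example.app/:carol@example.org:hunter2
shop.example.net/account:dave@example.com:letmein
not a credential line
"""

# The URL itself contains colons (scheme, port), so a plain split(":") breaks.
# Match: optional scheme, host, optional port, optional path, then user, then
# the rest of the line as the password (which may itself contain colons).
LINE_RE = re.compile(
    r"^(?P<url>(?:[a-z][a-z0-9+.-]*://)?[^:/\s]+(?::\d+)?(?:/[^:\s]*)?)"
    r":(?P<user>[^:\s]+):(?P<password>.+)$", re.IGNORECASE)

def parse_line(line):
    """Return (host, username, password), or None if the line does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = m["url"] if "://" in m["url"] else "//" + m["url"]
    host = urlsplit(url).hostname
    return (host, m["user"], m["password"]) if host else None

def in_scope(name, domains):
    """True if name is one of the monitored domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)

def triage(log_text, monitored_domains):
    """Summarise exposure for the domains a defender is responsible for."""
    hits, per_host, skipped = [], Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # malformed or unrelated line
            continue
        host, user, password = rec
        per_host[host] += 1
        user_domain = user.rpartition("@")[2].lower() if "@" in user else ""
        if in_scope(host, monitored_domains) or in_scope(user_domain, monitored_domains):
            # Keep only what is needed to force a reset; never the password.
            hits.append({"host": host, "user": user, "password_len": len(password)})
    return hits, per_host, skipped

if __name__ == "__main__":
    hits, per_host, skipped = triage(SAMPLE_LOG, {"example.com"})
    print(hits, dict(per_host), skipped)
```
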
What to do next
New or not, leaked credentials pose a huge threat to those affected. If your information has been leaked, make sure to take a look at some identity theft protection software, as criminals can use your name, address, and details to take out credit cards or loans in your name.
HaveIBeenPwned? is probably the best resource online to check if your details have been affected, offering a run-down of every big cyber incident of the past few years.
As a business, enabling multi-factor authentication (MFA) and ensuring all staff are thoroughly trained on the dangers and signs of social engineering attacks is key. Using business password managers can also help ensure all user passwords are secure.
And if you save passwords to a Google account, you can use Google’s Password Checkup tool to see if any have been compromised, or sign up for one of the best password manager options we’ve rounded up to make sure your logins are protected.
“If this news frightens you, then your security program probably has some fundamental gaps,” argues James Shank, Director of Threat Operations at Expel.
“Let this be the fuel you need to position yourself and your department for solving the problem systematically, rather than defending against the news du jour. There will always be another breach, with even more passwords, and emergency handling will continue if you don’t have systematic defenses in place.”