Data source with billions of previously leaked credentials exposed once again
Take action: Trusting a vendor is about discipline in the little things. If you show a lack of discipline in securing one set of data that you have gathered, what does that say about your discipline and ability to secure more sensitive data? And should customers trust you to handle more sensitive data? Never treat a data set like "it's fine". It's not fine.
A primer on how not to treat data:
Billions of users are exposed once again after digital risk protection firm DarkBeam left an online database unprotected, exposing usernames and passwords from over 3.8 billion user records. All email addresses and passwords exposed in this breach were collected from prior data breaches, as DarkBeam had been aggregating this information to notify its customers about potential future data breaches.
This lapse was discovered by security researchers at Security Discovery, and the database has now been secured. During the exposure period, any user could access the database containing these credentials. It's unclear how long this data set was left exposed.
Although this particular leak may not sound like a big deal since it contained data that has already been exposed, there are two perspectives to consider:
- The current data set is a wonderfully aggregated version of 16 collections, making it that much easier for cybercriminals to exploit the data in future attacks.
- If a security company can't secure a set of data that's sensitive but semi-public, can it be trusted to secure its customers' confidential data?