Collection 1 Bitglass Blog Post

Here is my latest blog post for Bitglass where I discuss the big Collection 1 breach from January. It was the largest single breach by number of records, though there’s some nuance in that number that I explain in the article. https://www.bitglass.com/blog/collection-1-data-breach

Right after that post dropped, an even larger breach was reported. Needless to say, data breaches are here to stay and it’s wise for individuals to focus on mitigating the risk rather than prevention. https://www.wired.com/story/email-marketing-company-809-million-records-exposed-online/

Also, one of my previous posts got circulated on CSA. Cool! https://blog.cloudsecurityalliance.org/2019/02/08/saas-apps-and-the-need-for-specialized-security/


After I left Bitglass, it was acquired by Forcepoint in 2021. The original blog posts have been taken down but the content is reproduced below.

“Collection #1” Data Breach

News of the 773 million email data breach that Troy Hunt announced for Have I Been Pwned certainly got a lot of coverage a few weeks ago. Now that the dust has settled, let’s cut through some of the hype and see what this really means for enterprise security.

First, let’s clear some things up – the data itself is actually several years old, but it looks like the seller of the data has more recent material, as well. Also, this data did not come from a specific company, but was a composite of various sources that cybercriminals stitched together. It is unclear what these sources are, but some of them are likely to be breaches that have been widely known for some time. This is demonstrated by the fact that Have I Been Pwned has already seen about 82% of the compromised emails in previous breaches.

However, the above could also mean that individual emails have been breached multiple times across different services. Unfortunately, people commonly reuse passwords, which means if a cybercriminal gains access to one password or account, they can potentially gain access to various accounts on different websites.

This is important because this kind of data is used in credential stuffing attacks, which automate login attempts against many services using the stolen credentials. Since passwords are often reused, criminals run all this data against other accounts (Spotify, Netflix, Amazon or other paid subscription accounts), hijack them, and resell them.

Unfortunately, this data is out there now and new breaches are happening all the time. Luckily there are ways both individuals and companies can mitigate the damage. For individuals, using a password manager to create strong, unique passwords is definitely a good idea. For companies, password expiration is now arguably a bad idea, but IT teams can monitor services like HIBP and let employees know when to change passwords after a breach. Companies can also cut down on the number of passwords running around by using single sign-on (SSO) for their cloud services, and by enabling multi-factor authentication to make it harder for credential stuffing attacks to work. A cloud access security broker (CASB) can also alert IT teams when a strange login occurs so they can take action to protect their data.
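As an added example (not part of the original post or any Bitglass code) of the kind of check a CASB or SIEM would run to catch the credential stuffing pattern described above, this Python snippet flags a source that tries many distinct accounts in a short window with a low success rate, using a constructed log; the log format, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log, not real traffic. 203.0.113.7 cycles through many
# distinct accounts with almost all failures (the credential-stuffing pattern);
# 198.51.100.9 is one user who mistypes a password once and then gets in.
SAMPLE_LOG = """\
2019-01-20T10:00:01Z src=203.0.113.7 user=alice@example.com result=FAIL
2019-01-20T10:00:02Z src=203.0.113.7 user=bob@example.com result=FAIL
2019-01-20T10:00:03Z src=203.0.113.7 user=carol@example.com result=FAIL
2019-01-20T10:00:04Z src=203.0.113.7 user=dave@example.com result=OK
2019-01-20T10:00:05Z src=203.0.113.7 user=erin@example.com result=FAIL
2019-01-20T10:00:06Z src=203.0.113.7 user=frank@example.com result=FAIL
2019-01-20T10:00:30Z src=198.51.100.9 user=grace@example.com result=FAIL
2019-01-20T10:00:45Z src=198.51.100.9 user=grace@example.com result=OK
"""

def parse_events(text):
    """Turn log lines into (timestamp, source, user, success) tuples; skip junk."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"] == "OK"))
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5, max_success=0.5):
    """Flag sources hitting >= min_accounts distinct users inside one window with a
    success ratio <= max_success; the successes are the accounts to reset first."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (start, _, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            hijacked = sorted(e[2] for e in in_win if e[3])
            users = {e[2] for e in in_win}
            if len(users) >= min_accounts and len(hijacked) / len(in_win) <= max_success:
                flagged[src] = {"accounts": len(users), "attempts": len(in_win), "hijacked": hijacked}
                break
    return flagged
```

The thresholds are illustrative; in practice the same logic runs over the identity provider's or CASB's sign-in events with the window and account count tuned to normal traffic, and the "hijacked" accounts are the ones to force a password reset and MFA re-enrolment on.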

For information about how CASBs like Bitglass help secure data, download the Top CASB Use Cases below.