Story image

Massive 2.2bil-username data dump leaked on dark web

01 Feb 2019

A second major data dump has hit the dark web in two weeks, compromising of 2.2 billion unique usernames and passwords.

The data dump has been dubbed Collection #2-5 and contains 845GB of data and over 25 billion unique records.

This makes the second leak three times bigger than the Collection #1 dump leaked last month, identified by Australian Cybersecurity expert Troy Hunt.

Wired reported that Collection #2-5 was discovered and has been analysed by security researchers at Germany’s Hasso Plattner Institute and cybersecurity firm Phosphorus.io.

Users can go to the Hasso Plattner Info Leak Checker to see if their email details and credentials have been compromised in the latest data dump.

OneSpan security competence centre and security strategy senior manager market Frederik Mennes says, “2.2 billion unique records is a staggering number.”

“We are becoming accustomed to breach notification news, but sad to say, the use of multi-factor authentication is still not utilised whenever and wherever possible.

“Companies should remember that easy targets will continue to be exploited first, because cybercrime follows the path of least resistance,” Mennes says.

“Technology is evolving, and next-generation authentication, intelligent adaptive authentication, is gaining momentum.

“This technology utilises AI and machine learning to score vast amounts of data, and based on patterns, analyses the risk of a situation and adapts the security and required authentication accordingly.”

OneSpan innovation centre chief security architect Steven Murdoch says, “This password leak shows that large quantities of stolen passwords are readily available to anyone, regardless of how low their budget.

“However, data from recent breaches will be considerably more expensive to obtain. 

“Companies should recognise the limitations of password authentication and are in the best position to mitigate the weaknesses. They should implement additional measures, such as the detection of suspicious behaviour.

“Two-factor authentication, or even better, FIDO/U2F, should be offered to customers. Customers can also help by not re-using passwords across multiple sites and using a password manager if needed.

“The website TwoFactorAuth.org gives instructions on how to enable two-factor authentication on many popular sites, as enabling 2FA, and preferably FIDO/U2F, will significantly help to improve their security.

GoCardless to double A/NZ team by end of year
With a successful E round of investment and continuing organic growth globally, the debit network platform company aims to expand its local presence.
NZ’s Maori innovators are on the rise
“More iwi investors need to recognise that these sectors will provide the high-value jobs our children need."
Phone ringing? This biohack wants you to bite down and ChewIt
So your phone’s ringing, but instead of swiping right or pushing a Bluetooth button you bite down on a tiny piece of tech that sits in your mouth.
How big data can revolutionise NZ’s hospitals
Miya Precision is being used across 17 wards and the emergency department at Palmerston North Hospital.
Time's up, tax dodgers: Multinational tech firms may soon pay their dues
Multinational tech and digital services firms may no longer have a free tax pass to operate in New Zealand. 
Spark’s new IoT network reaches 98% of New Zealand
Spark is the first company to confirm the nationwide completion of a Cat-M1 network in New Zealand.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Robots to the fore – Key insights for New Zealand Business into RPA in 2019
From making artificial intelligence a business reality to closer ties to human colleagues, robotic process automation is gearing up for a strong 2019.