The Recent Data Breach that has Led to Increased Email Phishing Scams

Email phishing scams have become more and more common for several reasons. First, most people have multiple email addresses that can be targeted, and jobs that include email accounts require those to be checked regularly. This increases user exposure to threats and the greater the number of threats the more challenging it can be to protect yourself.

This post discusses a recent data breach that has led to an increased number of email phishing scams.

The Recent Data Breach that has Led to Increased Email Phishing Scams

Generally, the greater the number of businesses or websites you use or register an email address with, the higher the likelihood that email address will be shared with other businesses. Some websites will sell your information to other companies and others simply share with other business partners.

As you can imagine, your exposure multiplies over time and the number of business partners can be exponential if each one continues to share and you continue to use the email address to sign up for additional services and accounts.

The reason the number of places you use your email address is important is because the more well known the email is, the more likely it is to be used in a phishing attack by someone trying to gain unauthorized access to your private data, account credentials or devices.

Early in November, a list of nearly two billion unique email addresses was breached. Along with these email addresses were 1.3 billion unique passwords. The list that was breached was actually a conglomerate of other email addresses and passwords that had been breached in the past and added to a collective of another 625 million passwords which were new.

This new data breach has led to an increased amount of phishing emails being sent to users with emails included in the breach. Additionally, there has been a spike in attempts against online services utilizing a combination of these breached email addresses and passwords.

Background info on this data breach

This collection of data was not collected to be sold or for nefarious reasons which makes it different than other times when these lists are collected. Instead, it was collected by Synthient to be shared with the Have I Been Pwned service which can be used to help users protect themselves and be more proactive with their email address and password combinations.

The website Have I Been Pwned (https://HaveIBeenPwned.com) allows people to check their email addresses and/or passwords to see if either have been released in a security breach. This is a great way to stay more informed about compromised password and email accounts that are likely to be targeted.

Here's an example of a search on my business email address. Most of the breaches are companies or data collectors I have never heard of or intentionally used, but serves as a great reminder of how often our data passes through the hands of businesses we are not familiar with. This can be because the data is being sold or because our data is being collected by data aggregators.

Note: If you are checking a password because you are concerned it has been compromised, it is a great idea to change it. Also, if you do not reuse passwords, the level of threat is greatly reduced and you will have many fewer accounts to update!

The list of two billion records recently breached was collected for the purposes of sharing with this tool to protect people, but was unfortunately breached instead.

What you can and should do

Check to see if any of your email addresses have been included in this newest breach. If so, change the password used for the email account at the very least, and for any accounts you log into with that email at best. You can check your email address by visiting the website listed above and click on the "Dashboard" link, then clicking the "Check my email" button in the bottom left of the page.

NOTE: As with any free product, use with caution and an awareness that nothing is 100% impenetrable.

Important security information

The most important thing you can do is not reuse passwords. This cannot be stated too many times because almost everyone is guilty of this at some point. The problem is, once a set of credentials are breached, if you reused those anywhere else those accounts may also be accessed. If someone gets ahold of the credentials for an email account, a hacker can use that to reset passwords for other accounts.

Ultimately, the impact could be catastrophic and the time you would spend trying to recover from such an attack will cost you way more in time than you would ever waste in having unique credentials. Additionally, you could suffer from financial loss or even a reduction in credit.

A runner up to the most important thing you can do to protect your account credentials is to enable multi-factor! This helps ensure only you can authenticate a login. If someone else tries to log into your account and multi-factor is configured correctly, they should not be able to get past the secondary authentication. This is a huge addition to your protection and is vital in account security.

Read this article for more information about this most recent breach.

Protecting your data, login credentials, email addresses and devices has become more and more of a challenge every day. The most important things you can do are to resist reusing passwords, to enable multi-factor and to use caution with everything you do. When data is breached, at no fault of your own, check to see if you think you are at risk where you can, and update passwords if you are concerned. Lastly, share information with others to help protect them as every step of prevention can help reduce the spread of the threats coming at us every day.

As always, being aware of the current threats and what you can do to increase your security can help reduce the impact of these threats!