• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Cyber Security Solutions, Compliance, and Consulting Services - IT Security

We offer It security management, data, network, & Information security services for protecting information & mitigating security risks to your organization.

  • Home
  • About Us
  • Solutions & Services
    • Security Governance
    • NETWORK SECURITY
    • CLOUD SECURITY
  • COMPLIANCE
  • SECTORS
  • Blog
  • CONTACT

August 21, 2020

Unsecure Server Compromises 350 Million Emails

A recent case of a major database mishandling involved an anonymous company that left a list of 350,000,000 email addresses exposed online. The seven gigabytes worth of addresses were not encrypted and were being hosted on a public Amazon AWS server, visible to all for downloads and viewing. 

With an average email compromise of 7 million per day in the year 2020 alone, cybercrime is becoming increasingly prevalent. It seems as if with every advancement being made by cyber-security organizations in improving online safety, the cybercriminals are always a step or two ahead. It’s safe to say that data leaks such as the one previously mentioned are not helping in closing the ever-widening separation. 

What Was in the Leak?

The leak was closed and taken down by Amazon, which means that the contents of the leak will no longer be available for access or download. However, a sample of the data drop was acquired and dissected into three sections:

  • 50 million strings containing email addresses, in 7 unencrypted CSV files 
  • Hashed email addresses, in 7 CSV files
  • Hashed and salted (MD5 Algorithm) email addresses, in 7 7 CSV files
  • Voice recordings of sales pitches from a company named RepWatch selling a domain reputation management tool

Each of the 3 segments carried the same 350 million email addresses in the CSV files but categorized according to level of encryption.

How Dangerous is This Situation?

Due to the nature of the leak, it’s fair and logical to assume that since the data has already been compromised for over 18 months, it has already been accessed and acquired by cyber-criminals. By now, it is also the assumed that the emails have been sold as well.  

These email addresses are worth a lot of money because of their high potential value, and the total list of 350 million email addresses could amass a 6-figure sum in the black market. Despite the Amazon S3 bucket, from which the emails were leaked, being taken down, the victims will still be monetized in many ways:

  1. Phishing Attacks 
  2. Spamming their email accounts 
  3. Cracking accounts associated with the email-ID’s by brute force scripts 
  4. Gain additional data of users from external leaks make phishing campaigns more effective
  5. Impersonation to steal funds from bank accounts or to even withdraw loans on behalf of the targets 
  6. Spreading phishing attacks by hacking social media accounts 

What Steps to Take If You’re a Victim?

The compromised batch of email ID’s was mostly from the United States. However, the sheer size of the data suggests the possibility that your email address could be found in the dataset.

Here are a couple of measures to ensure your online safety concerning this particular breach:

  1. First and foremost, use the data leak checker to see if you were found in the data drop
  2. If you’re not there, it doesn’t concern you anymore. If you are, it is crucial for you to change your email account passwords as well as major passwords in websites and apps associated with that particular email ID. 
  3. Be vigilant of phishing and avoid suspicious links that call to action
  4. Create long and strong passwords. Use password suggesting tools if you have to.
  5. Keep changing passwords regularly.
  6. Store key passwords in physical storage, such as a notebook.
  7. Use two-factor authentication whenever possible

Filed Under: Cyber security news, Uncategorized

Primary Sidebar

Archives

  • [+]Cloud security (17)
  • [+]Compliance (14)
  • [—]Cyber security news (101)
    • 03 security concerns for low-code and no-code development
    • 04 ways to improve your security posture in 2020
    • 05 ways malware can bypass endpoint protection
    • 11 million stolen records of French users put up for sale online
    • 2 Million Patients’ Data Compromised in Cyber Attack on Shields Healthcare Group
    • 2020: The year that cybersecurity went from reactive to proactive
    • 3 Huge Cyberattacks Show the True Extent of Cyber Crime
    • 30% of SMEs have no data security, says study
    • 4 Cybersecurity trends in 2019
    • 4 Reasons why website security is important
    • 40 Million User Records from Largest Commercial Bank in Ukraine Sold Online
    • 5 Methods to Make Customer Experience Safer
    • 6 Benefits of Cyber Security Automation (2022)
    • 95% of websites risk operating on outdated software with known vulnerabilities
    • All About Data Repository
    • America’s small businesses aren’t ready for a cyberattack
    • Attacker’s phish Office 365 users with fake voicemail messages
    • Attackers impersonate Zoom to steal Microsoft account credentials
    • Can We Rely On Cyber Insurance?
    • Changing Trends in Cybersecurity Training
    • Colonial Pipeline Forced to Pay $4.4m After Ransomware Attack
    • Common types of cybersecurity threats
    • Consumers Must Prioritize Safety Over Convenience
    • Coronavirus Used to Spread Malware
    • Cyber Crime is a Threat to the Energy Sector; Here’s Why
    • Cyber Research: Meta-owned Apps Are Most Vulnerable to Cyberattacks
    • Cybercrime economy is worth $1.5 trillion in illegal profits: study
    • Cybercriminals are Capitalizing on Covid Vaccines to Launch Attacks
    • Cybercriminals are Resorting to Automated Attack Tools
    • Cybercriminals: Threat or Menace?
    • Cybersecurity Challenges for Businesses in 2022
    • Cybersecurity challenges for small businesses
    • Cybersecurity in the Aviation Industry
    • Cybersecurity Trends That CISOs Must Consider in 2022
    • Cybersecurity: Guiding Principles for Board of Directors
    • Data of 1.3 million users leaked in Clubhouse security breach
    • Facebook Messenger Users Fall Victim to Scamming Attacks in Over 80 Countries
    • Five experimental cybersecurity trends your business needs to know about
    • Four major data breaches 2018
    • Four significant changes coming to cybersecurity in 2020 and beyond
    • Hacker Tries to Poison Water Supply of Florida Town
    • Hackers are outpacing defenses, a new report finds
    • Hackers are using famous file sharing services to hack email accounts
    • History of Cybersecurity and Hacking
    • Hospitals are becoming smarter than ever. But so are cybercriminals
    • Hostinger suffers from data breach and resets password for 14 million users
    • How AI can help you stay ahead of cybersecurity threats
    • How does spyware work?
    • How to Check if Your Data Was Leaked in Facebook's Huge Hack
    • HP Printers Are Vulnerable to Hacking
    • Human Error And Chinese Data Security Breach
    • Measures taken by WhatsApp to avoid spam
    • New Act Passed Towards Securing the DHS Software Supply Chain
    • North Korea has been targeting threat researchers
    • One in three organizations suffered data breaches due to mobile devices
    • Phishing in 2020: Another Problem for an Already Difficult Year
    • Predictions of Future Cybersecurity Trends in 2020 and Onwards
    • Property firm cyberattack leaves home movers in the lurch
    • Protect backup from ransomware attacks and recover safely
    • Qbot Banking Malware is back with a new version
    • Quantum Computing and Cybersecurity
    • Retailer Company Hit With Ransomware After Reveling Customer Data
    • Russia-linked gangs attack US critical infrastructure most often
    • Scammers Add an Extra Worry for Travelers Post-COVID
    • School Re-Openings Disturbed by Ransomware Attacks
    • Spyware Pegasus Hacked Thousands of iPhones Globally
    • Supply Chain Cyber Attacks See a Troubling Rise
    • Syniverse Quietly Reveals 5-Year Data Breach
    • The 4 biggest ransomware attacks of the last five years
    • The 6 Biggest Cyberattacks of 2020
    • The Biggest Recent Data Breach Might Have Cost $58 Billion to Resolve
    • The Correlation Between Cyber Insurance and Increasing Cyber Risk
    • The Daixin Team Cybercrime Group Hits Health Organizations With Ransomware, US Agencies Warn
    • The majority of ransomware attacks are targeted at the United States
    • The Next Big Threat: Human Killing Cyberattacks
    • The rise of cryptojacking
    • The shortcomings of centralized server architecture
    • The Top 5 Cyber Security Breaches of 2017
    • Threat or Opportunity? Big Data and Cyber Security
    • Three trends shaking up multi-factor authentication
    • Top Cyber Power Revealed With the US at the Top of the List
    • Top five cybersecurity predictions for 2019
    • Two in three businesses faced insider attacks in 2020
    • Two-factor authentication explained
    • Unsecure Server Compromises 350 Million Emails
    • US insurance company has customer data leaked on a forum
    • US-based auto parts distributor has sensitive data leaked by cybercriminals
    • Use of OSINT tools for security and their functions
    • What is Encryption and its common types
    • What is information security? Definition, principles, and policies
    • What is Magecart? How it works and how to prevent it?
    • What is Typosquatting and How to Stay Safe
    • What the G7 Summit Means for the Future of US-Russia Cybersecurity
    • Which Industries at Higher Risk of Cyber Attacks in 2021
    • Who is Most Vulnerable to Cybercrime: New Report Reveals Surprising Insights
    • Why 2021 Could Witness an Outbreak of Ransomware Attacks
    • Why Cybersecurity Has to Be a CEO Level Matter
    • Why Do Cybercriminals Target Charities?
    • Why You Should be Concerned About How Phishing Attacks are Evolving
    • Will 5G improve mobile security?
    • World’s largest data breaches
  • [+]Cyber security threats (258)
  • [+]Cyber security tips (239)
  • [+]E-Commerce cyber security (3)
  • [+]Enterprise cyber security (2)
  • [+]Financial organizations cyber security (2)
  • [+]General (22)
  • [+]Government cyber security (2)
  • [+]Healthcare cyber security (7)
  • [+]Law Firms Cyber Security (5)
  • [+]Network security (5)
  • [+]Newsletter (1)
  • [+]Ransomware (10)
  • [+]Risk assessment and management (5)
  • [+]Security management and governance (4)
  • [+]Supply Chain Attacks (2)
  • [+]System security (3)
  • [—]Uncategorized (14)
    • 5 Methods to Make Customer Experience Safer
    • Cloud Service Providers Risk Management: 50+ Contracts Key Components
    • Cloud Service Providers Risk Management: Contract Management
    • Cloud Service Providers Risk Management: Importance of Identifying Challenges Early
    • Cloud Service Providers Risk Management: Service Level Agreement (SLA)
    • Cloud Service Providers Risk Management: Understanding Your Risk Exposure
    • Common Types of Phishing Attacks
    • Cyber Security Top Ten Tips
    • How hackers are using COVID-19 to find new victims
    • Protect Yourself from Email Tax Scams
    • Tips For Secure Shopping Online
    • Top Four Cybersecurity Threats Faced by the Financial Services Sector
    • Unsecure Server Compromises 350 Million Emails
    • Using WiFi-Connect With Care
  • [+]Vendor security (10)

Footer

Infoguard Cyber Security

San Jose Office
333 W. Santa Clara Street
Suite 920
San Jose, CA 95113
Ph: (855) 444-6004

Irvine Office
19800 MacArthur Blvd.
Suite 300
Irvine, CA 92612

Recent Posts

  • Cybsersecurity in the Metaverse
  • How to Integrate AI into Your Cybersecurity Strategy
  • Cybersecurity Governance in the Age of Remote Work: Balancing Security and Productivity

Get Social

  • LinkedIn
  • Home
  • About Us
  • Solutions & Services
  • COMPLIANCE
  • SECTORS
  • Blog
  • CONTACT

Copyright © 2023