A recent case of major database mishandling involved an anonymous company that left a list of 350,000,000 email addresses exposed online. The seven gigabytes' worth of addresses were not encrypted and were hosted on a public Amazon AWS server, where anyone could view and download them.
With an average of 7 million emails compromised per day in 2020 alone, cybercrime is becoming increasingly prevalent. It seems that with every advance cyber-security organizations make in improving online safety, cybercriminals are always a step or two ahead. It’s safe to say that data leaks such as the one described above are not helping to close the ever-widening gap.
What Was in the Leak?
The leak was closed and taken down by Amazon, which means that the contents of the leak will no longer be available for access or download. However, a sample of the data drop was acquired and dissected into three sections:
- 50 million strings containing email addresses, in 7 unencrypted CSV files
- Hashed email addresses, in 7 CSV files
- Hashed and salted (MD5 algorithm) email addresses, in 7 CSV files
- Voice recordings of sales pitches from a company named RepWatch selling a domain reputation management tool
Each of the 3 segments carried the same 350 million email addresses in CSV files, categorized according to level of encryption.
How Dangerous is This Situation?
Due to the nature of the leak, and since the data has already been compromised for over 18 months, it’s fair and logical to assume that it has already been accessed and acquired by cyber-criminals. By now, it is also assumed that the emails have been sold as well.
These email addresses are worth a lot of money because of their high potential value, and the total list of 350 million email addresses could fetch a 6-figure sum on the black market. Even though the Amazon S3 bucket from which the emails were leaked has been taken down, the victims will still be monetized in many ways:
- Phishing Attacks
- Spamming their email accounts
- Cracking accounts associated with the email IDs using brute-force scripts
- Gaining additional user data from external leaks to make phishing campaigns more effective
- Impersonation to steal funds from bank accounts or to even withdraw loans on behalf of the targets
- Spreading phishing attacks by hacking social media accounts
What Steps to Take If You’re a Victim?
The compromised batch of email IDs was mostly from the United States. However, the sheer size of the data suggests the possibility that your email address could be found in the dataset.
Here are a couple of measures to ensure your online safety concerning this particular breach:
- First and foremost, use the data leak checker to see if you were found in the data drop
- If you’re not there, it doesn’t concern you anymore. If you are, it is crucial for you to change your email account passwords as well as major passwords in websites and apps associated with that particular email ID.
- Be vigilant of phishing and avoid suspicious links that call to action
- Create long and strong passwords. Use password-suggesting tools if you have to.
- Keep changing passwords regularly.
- Store key passwords in physical storage, such as a notebook.
- Use two-factor authentication whenever possible