Zaheeruddin Ahmed
February 7 · 4 min read
26 billion records have been leaked online. Yes, you read that right. Researchers from Security Discovery and CyberNews have stumbled upon this massive breach, dubbed the mother of all breaches (MOAB), which runs up to 12 terabytes in size and is touted as the biggest data leak found to date.
The supermassive MOAB does not contain newly stolen data but is mainly the largest compilation of multiple breaches (COMB) from the past. A previous COMB reported by CyberNews in 2021 contained 3.2 billion records, a mere 12% of the latest discovery.
The data contains records from Chinese messaging giants Tencent and Weibo and from Twitter, Dropbox, LinkedIn, Adobe, Canva, and Telegram. Researchers also claim that the leak includes records of government organizations in the US, Brazil, Germany, the Philippines, Turkey, and other countries.
The dataset is extremely dangerous. With all the leaked sensitive data freely available on the web, threat actors could use this opportunity to orchestrate a wide range of attacks, such as credential stuffing, identity theft, phishing attacks, cyberattacks, and unauthorized access to personal and sensitive accounts, to name a few.
The volume of information made public may include passwords that have been hacked, which could result in data breaches by giving unauthorized users or threat actors access to privileged accounts, systems, and information in an organization.
These breaches often create a cyber-attack chain affecting organizations at every step:
Perimeter exploitation – Early attempts to gain unauthorized access using social engineering, credential stuffing, brute force password attacks, and stolen passwords to obtain login credentials.
Hijacking and escalation – Once within the organization's systems, the attacker will use various techniques, such as credential exploitation, to escalate privileges or control more systems or accounts.
Lateral movement – This is the stage where the attackers move laterally across systems in an attempt to obtain sensitive information, privileged accounts, or vital resources.
Deploying the most sophisticated security solution to thwart attacks is necessary but not sufficient. If basic access security best practices are ignored, the solution can always be compromised.
Password management best practices include maintaining password hygiene, eliminating hard-coded credentials, enforcing password complexity rules, and applying a robust password policy to prevent attackers from accessing critical systems.
Here are a few access security best practices worth repeating that organizations should adhere to, even if they seem obvious.
The most sensitive information within an organization is its privileged credentials, which grant privileged access to critical accounts. Securden Enterprise Password Manager is a secure password vault that protects privileged passwords, SSH keys, DevOps secrets, workforce passwords, and more.
Even though modern technologies and a range of cybersecurity solutions are undoubtedly necessary for organizations, breaches usually result from neglecting security fundamentals.
Organizations should enforce and automate these best practices to effectively reduce password attacks. These best practices can be automated using Password Management and Privileged Access Management solutions like Securden, which offers an all-in-one platform for next-gen privileged access governance.
Prevent identity theft, malware propagation, cyber-attacks, and insider exploitation. Try Securden today or request a personalized demo.