Public leaks of compromised information resulting from Cyber-attacks are nothing new, with billions of records containing all kinds of data on individuals already freely available on the dark web.
However, a new leak with the ominous title of “The Mother of All Breaches” was discovered this month, which contains more than 26 billion records.
Significance of the breach:
The Mother of All Breaches stands out not only for its sheer size but also for the depth of information it contains. The dataset exposes a vast trove of sensitive data, leaving countless individuals and organizations at risk. The breach includes a staggering amount of personal information, from email addresses and passwords to financial details and more.
What makes this breach particularly alarming is its amalgamation of data from various older breaches. Cybercriminals have seemingly compiled information from multiple incidents, creating a comprehensive dataset. This can allow criminals to build a clearer picture of any potential phishing or scam victims, providing multiple insights into their individual interests and circumstances.
This poses a new threat to individuals affected by previous breaches, even if they have already updated relevant leaked passwords.
What can you do to reduce your risk:
Having your data exposed in breaches like this raises serious personal risk of fraud:
Password Reuse - Many people are guilty of reusing the same password across multiple services, especially for accounts they see as unimportant or have not used in a long time. However, this can cause a breach of one service to lead to a breach of many others.
- Password management - We recommend using a password manager to help create and track strong, unique passwords. See our previous article on password management: https://www.abdn.ac.uk/staffnet/news/13064
- Multi Factor Authentication - We enforce Multi Factor Authentication on University accounts, and strongly encourage you to enable it on all personal accounts where available. Additionally, using an authenticator app such as Google or Microsoft Authenticator is recommended over SMS or phone calls (but do use these if they are all that are available).
- Account Management - If you have any online accounts you no longer use, consider deleting them.
Heightened risk of Fraud and Phishing attacks – If your data has been released as part of this (or any other) breach, you will be at risk of targeted phishing emails, fraudulent telephone calls and credit fraud among other things.
- Be Suspicious - You should be extremely wary of calls or emails from unknown sources. If the caller/sender is trying to create a sense of panic or urgency they may be utilising social engineering techniques to get you to do something you shouldn’t.
- Check Your Credit - We recommend signing up for a reputable credit checking agency so that you can monitor any potential identity theft or credit being taken out in your name.
- Dark Web Monitoring - The Information Security Team continuously monitor for any University related account information appearing on the Dark Web. You can do the same for personal accounts by using the “Have I been pwned” service to check if any of your email addresses and related data have been exposed in any known breach: https://haveibeenpwned.com/
See our previous article on Limiting the Impact Of Data Breach for more information: https://www.abdn.ac.uk/staffnet/news/13931/
How you can help prevent an attack:
Phishing emails remain by far the most common way for attackers to gain an initial foothold with a victim or target network.
That is why it is critical that all our staff and students remain vigilant for suspicious emails and report them as quickly as possible:
Report phishing:
If you receive a suspicious email, report it immediately by clicking the “Report Phishing” button in Outlook. The Information Security team check every report.
You can find detailed instructions on this here: https://www.abdn.ac.uk/staffnet/working-here/it-services/security.php#panel7228
Further Reading:
See this article from cybernews.com for further background on the leak: https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/