Image credit: shutterstock.com/g/Kite_rin
Earlier this week on Monday January 22nd, news outlets began reporting on a major data leak that has potentially compromised 26 billion records. The allegedly compromised information came from numerous companies, including LinkedIn, X (formerly Twitter), Dropbox, Adobe, Canva, Tencent, and Weibo.
According to researchers, the data came from known sources, but it does not appear at this time that the data is new data, rather it is compiled records from previous breaches and data leaks. However, this still creates risk since user logins and passwords were compromised.
On Tuesday, according to Forbes, a LinkedIn spokesperson shared:
“We are working to fully investigate these claims and we have seen no evidence that LinkedIn’s systems were breached. You can find more information on how we keep members safe from scraping here.”
There may be an increase of credential stuffing attacks in the coming weeks. This type of cyberattack is an automated attack that inserts stolen usernames and passwords into a system’s login field to obtain full access for fraudulent purposes.
Credential stuffing attacks work because people use the same password for multiple accounts. For example, if someone uses the same password for both their grocery store loyalty program and bank account, the hackers attack the less defended database (ex. grocery store loyalty program). Then they use that information to try and get into the person’s bank account. This is why it’s important not to utilize the same password for multiple accounts.
Cybersecurity experts are recommending that users update their passwords to a strong, random password. It’s vital that everyone is aware of the increasing prevalence of phishing emails. Users are encouraged to implement two-factor authentication as an additional security measure, when possible.
Experts have suggested utilizing a Cyber Data Leak Checker to find out if your accounts have been compromised. It may be too early to see if your data has been identified as compromised, and this should be checked regularly.
Educating yourself and employees about cyber risks is important. This breach is another reminder of easy it is for cyber-attacks to happen. While the U.S. Government works to strengthen our data privacy laws, businesses and individuals should remain vigilant and protect their data. Be sure your business has cyber insurance in case a cyber-attack does occur. If you don’t have cyber insurance or want to adjust your limits reach out to TSIB today and speak with one of our Risk Consultants.
TSIB’s Risk Consultants are currently servicing the following locations:
East Coast: New York City, NY; Bergen County, NJ; Fairfield County, CT; Philadelphia, PA
Texas: Austin, San Antonio, Houston, Dallas
California: Orange County, Los Angeles County, Riverside County, San Bernardino County, San Diego County