Following the news that a collection of 127 million accounts has been found for sale on the Dark Web, Corin Imai, Sr. Senior Security Advisor at DomainTools commented below.
Corin Imai, Sr. Senior Security Advisor at DomainTools:
“The trend of harvesting emails and passwords from multiple data breaches and grouping them into collections to sell on the dark web is sadly on the rise.
It is encouraging, though, that YouNow – listed by criminals as one of the breached firms – has investigated the claim and has found its accounts to be secure. This means that not all the credentials listed on Dream Market are necessarily genuine. Nonetheless, the sheer number of compromised accounts that have been put up for sale would allow for credential stuffing or phishing attack on a large scale. Customers should immediately change the passwords to their most sensitive accounts, should they have used the same on one of the breached websites. Criminals rely on users privileging comfort over security: a single password for every account is easier to remember, but creates a ripple effect of compromised accounts: criminals could gain access to financial information and even, in certain cases, accomplish identity theft.
As always, the best way in which users can safeguard the security of their accounts is to choose strong, unique passwords for each of their accounts, and to enable multifactor authentication wherever possible.”