A massive data breach has exposed almost 71 million email addresses linked to compromised accounts from the Naz.API dataset. The dataset contains a staggering 1 billion credentials compiled from credential stuffing lists and data stolen by information-stealing malware. Troy Hunt, the creator of the data breach notification service Have I Been Pwned?, recently wrote a blog post outlining the extent of the breach. According to Hunt, the dataset contained 319 files totaling 104GB and 70,840,771 unique email addresses.
Josh Hickling, Principal Consultant at Pentest People, weighed in on the significance of this addition to the dataset. He explained that the records that have been added could be concerning, especially if they provide access to sensitive services. “From an impact perspective to the public, it would depend on where the disclosed credentials would provide access to,” Hickling said. He also warned that if the credentials are reused across multiple services, it could potentially provide access to several accounts across the internet.
Paul Bischoff, Consumer Privacy Advocate at Comparitech, echoed these concerns, noting that Naz.API is a prime example of how cybercriminals can combine data from multiple breaches and public sources to create detailed profiles of potential victims. This could lead to more sophisticated attacks in the future, as cybercriminals are able to effectively find and target victims.
Javvad Malik, lead security awareness advocate at KnowBe4, highlighted the prevalence of password attacks, emphasizing that passwords remain a vulnerable point that many criminals target. He stressed the importance of not only choosing strong passwords but also using password managers and implementing multi-factor authentication (MFA) across websites to secure accounts.
Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, advised internet users to visit the Have I Been Pwned website and sign up for notifications that are sent when their email addresses are included in a data breach. This would help users stay alert when their information has been exposed.
On the business side, Nick Rago, Field CTO at Salt Security, emphasized the importance of requiring MFA for users and implementing appropriate defenses to protect against malicious behaviors. Additionally, Erfan Shadabi, Cybersecurity Expert at comforte AG, stressed the obligation of organizations to protect user data and adopt a data-centric security strategy to prioritize user data protection.
In response to the breach, Jamie Akhtar, CEO and Co-Founder of CyberSmart, emphasized the importance of individuals checking whether they have been affected and recommended using MFA on every account as an extra layer of security. This would make it much harder for cybercriminals to gain access to accounts.
This recent data breach underlines the ongoing importance of cybersecurity measures for both individuals and organizations. With cybercriminals constantly finding new ways to exploit vulnerabilities, it’s crucial for users and companies alike to stay vigilant and take proactive steps to protect their data and sensitive information. As cyber threats continue to evolve, it’s clear that a comprehensive approach to security is essential to safeguard against breaches and potential harm.

