Member Article

Spambot and Cex leak over 700m email addresses

It has been revealed that a spambot has leaked more than 700m email addresses, and two million customers of the second-hand gadget and video games retailer, Cex, have had their data stolen in a breach. This data included names, addresses, email addresses and credit card information from 2009.

“The data breaches once again highlight how vulnerable our data is,” said Ross Brewer, vice president and managing director, EMEA at LogRhythm. “The scale of the spambot attack is overwhelming with 711 million email addresses as well as a number of passwords leaked, while Cex has revealed that up to two million customers’ data, including credit card information – albeit encrypted and old – have been stolen. What’s scary about the spambot leak is that this data has been scraped and scavenged from older data breaches just like the one suffered by Cex. The reality is that, because of these regular data dumps, no one’s data is safe.

Brewer continued: “The first thing people need to do is, unsurprisingly, change their passwords. A virtual key to your online accounts, breaches like these reinforce the argument that passwords should be changed on a regular basis – and not just when a company has been breached. The unfortunate fact is that it only takes one company like Cex to suffer a new breach for hackers to get their hands on your most up-to-date details, and in some cases these breaches aren’t detected until a while after the compromise occurs.

“On this note, businesses also have a responsibility in helping with the clean-up process. Indeed, it’s crucial they ensure they have tools in place that continuously monitors their network activity so they can detect and respond to anything malicious as soon as it happens. Whether it’s a hacker attempting to gain unauthorised access by spreading malware or using genuine credentials from these two breaches, companies need to have the intelligence and insight required to flag abnormal activity straightaway. “It’s becoming increasingly easy for individuals’ data to fall into the wrong hands, which means hackers no longer need to implement sophisticated attacks. Hackers will subsequently get in, but with full visibility and correlation, businesses have the power to stop them in their tracks before any damage has been done,” concluded Brewer.

This was posted in Bdaily's Members' News section by LogRhythm .