While some people say that you can’t prove that people have been harmed by lax cybersecurity practices, the laws are making it more expensive for companies to believe this. Fines in the hundreds of thousands, millions and even billions of dollars are being imposed. So whether companies believe cybersecurity is an issue or not, their wallets are suggesting that they need to make improvements.
To encourage that, one hacker who goes by the handle GnosticPlayer is making it a one-man mission to make life miserable for businesses with weak security.
Until this week he had made 4 dumps of data:
- round one contained 620 million records
- round two contained 127 million records
- round three contained 93 million records and
- round four contained 26.5 million records.
This brought the total to over 850 million records, until this week.
Round five contains 65 million records from 6 companies, bringing the total to over 900 million records.
In case you are questioning whether this is a business, apparently the data is available, sorted by category. For a “fee”. In Bitcoin.
Stolen email addresses are sold to spam networks.
Financial details are sold to groups that specialize in tax fraud and online fraud.
Usernames and passwords are sold to groups that specialize in credential stuffing (the technique of taking a million userids and passwords, throwing them at a web site and seeing which ones work).
The hacker is selling his data on Dream Market, a pretty public dark web marketplace. He does not appear to be very shy about publicity, so my guess is that he is not in a country friendly to the U.S.
For businesses and consumers, this means that your information is being used against you.
Credential stuffing allows hackers to attempt to hack your bank account and empty it. Is that important to you?
Tax fraud means that your tax return will be rejected by the IRS and you will not get the refund that you are owed.
Other attacks might mean that you will lose access to your email account or other accounts.
So unless you think that the issues above are not important to you or your customers, you need to work hard to improve your business’ and personal cybersecurity hygiene.