Abu Dhabi, UAEFriday 22 November 2019

Over 20 million passwords leaked in 2019's first major data breach revelation

The "Collection #1" breach carries a set of email addresses and passwords totalling over 2 billion rows

The average cost of data breach in the UAE and Saudi Arabia was $5.31m in the first half of 2018. EPA
The average cost of data breach in the UAE and Saudi Arabia was $5.31m in the first half of 2018. EPA

It’s only the first month of 2019 and hyper-active cyber criminals are already on the prowl to steal your confidential information and data. In one of the biggest revelations of data breaches in history, more than 700 million email addresses and nearly 22 million passwords have been reportedly compromised.

Data breach notification portal Have I Been Pwned (HIBP), which allows users to ascertain if their personal information has been compromised or not, first exposed this global data theft - named Collection #1 - on Thursday.

“Collection #1 is a set of email addresses and passwords totalling over 2 billion rows. It's made up of many different individual data breaches from literally thousands of different sources,” said Brisbane-based security researcher Troy Hunt, who runs HIBP.

The cache of emails and passwords in Collection #1 have been built up from numerous data breaches, across various countries, over a decade.

Separately, the California-headquartered Reddit - a social news aggregator, web content rating and discussion website - restricted some users from accessing their accounts and asked them to change their password after detecting some unusual activity on the site last week.

The average cost of data breaches in Gulf region’s two biggest economies – the UAE and Saudi Arabia – was $5.31 million in the first half of 2018, a 7.1 per cent year-on-year increase, according to a study conducted by tech giant IBM Security and Michigan-based Ponemon Institute that was released in July last year.

The UAE witnessed one of the biggest data breaches of the decade in the first half of 2018, when ride-hailing firm Careem admitted the theft of personal data of up to 14 million of its customers.

“Data breaches occur through weak credentials, poor password policies, lack of multi-factor authentication, unnecessary exposure of systems and services to the internet or unpatched vulnerabilities,” said Alex Hinchliffe, threat intelligence analyst at Unit 42 - a threat research team at American cybersecurity firm Palo Alto Networks.

“Addressing some of these very basic cyber hygiene factors would significantly strengthen an organisation’s defences,” he added.


Read more:

Cyber risk and disasters top fears for businesses in 2019

Z Services to start offering consumer solutions by mid-2019


Allianz Risk Barometer 2019, an annual corporate risk survey, has put cyber threats as the top commercial risks globally this year and beyond.

“Cyber risk has been a major risk for a number of years, but as with any new risk it has struggled with awareness,” said Marek Stanislawski, deputy global head of cyber at Allianz Global Corporate & Specialty.

“We have now reached a point where cyber is as equally concerning for companies as their major traditional exposures.”

Updated: January 18, 2019 02:35 PM