Tuesday, February 11, 2014

[trusteer] How Third Party Database Breaches Lead Hackers to Your Data

Dana Tamir | February 05, 2014

The world’s second largest e-mail service, serving 273 million people worldwide, reported last week a breach into its users’ email accounts. In a blog posted by the company, Yahoo announced: "Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts." Yahoo did not disclose details of the attack but said, "the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise." Yahoo claims there is no evidence that the credentials were obtained directly from its own systems.
 
Unauthorized access to email accounts can lead to serious consequences, including identity theft and fraud. Searching through emails in a user’s account can expose a wealth of personal data, which can be used for developing spear-phishing messages and drive-by download attacks that infect user endpoints with advanced malware. The compromised email accounts can also be used to send out phishing emails that direct the user’s contacts to fake banking and shopping sites (phishing sites) where bank account and credit card details can be stolen. The fact that the email comes from a trusted source, someone the user regularly exchanges emails with, increases the chances that phishing email recipients will fall for the scam. Another option is to use the compromised email to gain access to other websites, where the attacker will try to login, and ask that a password reminder be sent to the compromised email.
 
Yahoo believes the stolen credentials were obtained through a third-party database hack. Many people reuse passwords across many sites, and a hack into a database of one website, exposing the user database behind the service, can provide the attacker the full list of the users, their email addresses, and their passwords. Using this information, the attacker can access other sites and services.
 
The Yahoo email breach demonstrates the importance of preventing password reuse. Organizations need to implement controls to prevent employees from reusing their corporate credentials across multiple accounts, especially using the same credentials for work related accounts and personal accounts. 
 
Trusteer Apex provides enterprise organizations with a simple solution to prevent corporate password reuse by verifying that corporate credentials are used only on approved corporate sites. If employees try to submit their corporate credentials on non-approved corporate sites, like e-commerce sites or social networks, Trusteer Apex will request that the employee use different credentials, preventing the login until other credentials are used. In addition, Trusteer Apex prevents malware delivery via phishing messages and weaponized content - a possible consequence of the email breach.

No comments:

Post a Comment