Change Your Passwords ASAP: Millions of Gmail and Yahoo Account Details are Being Sold on the Dark Web
References to the “dark web” conjure images of illegal activity and extra-jurisdictional transactions that defy conventional standards of law and order. The dark web’s value is in its ability to provide near-total anonymity to internet users who need to connect with the online universe without exposing their identities. That anonymity, however, holds great appeal for lawbreakers who use the dark web to ply their trades.
In 2013, Adobe Systems suffered a data breach that exposed personal account information for more than 38 million users. In 2012, LinkedIn suffered a data breach that, according to early reports, exposed account information of more than 6 million users. Later reports put the number of affected LinkedIn users at more than 110 million. Both companies might have thought that they had stemmed the tide of damage from those data breaches, but their sense of relief was premature. The news agency, Hackread, reported that in early 2017, a hacker placed an offer on the dark web to sell millions of decrypted personal accounts from Adobe, LinkedIn, and other sources.
If you have a Gmail or Yahoo account, you should change the password for that account immediately, even if you had changed it more recently than 2012 or 2013 when the accounts were first stolen from Adobe or LinkedIn. A cyber thief can lurk in the background for several months or years to collect information from compromised accounts before selling those accounts and their associated information on the dark web.
The greater question is how individuals and business should amend their cybersecurity protections in response to this news.
Beyond just changing passwords, people can enhance their personal cyber security protection with stronger passwords and a password manager. Strong passwords are typically long strings of a random number, letters, and symbols. The downside of any strong password is that it will be difficult to remember. Even if a person can recall it, he or she will ultimately default to using the same password for every login, which itself is a significant risk. A password manager will avoid this problem by creating different strong passwords for each login while requiring a user to remember only one password that is used to access the manager.
Businesses have a different set of cybersecurity concerns that go beyond notifying customers of a breach and encouraging them to change their passwords. As the dark web sale of personal information makes clear, a data breach can have implications that stretch well into the future and beyond the business’s direct loss of customer information. Companies that experience data breaches or cyber attacks will incur direct losses from servers that are damaged or destroyed during the attacks and costs that are expended to shut the attack down. They can incur even greater third-party costs that are associated with reimbursing customers for their losses. A business can quickly establish a client reimbursement fund and attempt to stem the tide of customer losses as quickly as is possible but is can also incur liabilities for several years after the breach.
Cyber liability insurance can protect a company from those ongoing losses. Corporate accountability and casualty insurance can be provided under either an “occurrence” or a “claims made” basis. Because data breaches might go undetected for months or years, cyber liability insurance is almost always written as a “claims made” policy. This means that a cyber liability policy might provide coverage for losses that a business incurs when a claim is made, even several years after the data breach that gives rise to those losses.
A company that is procuring a cyber liability insurance policy should check with its agent over the extent of its “claims made” coverage. That coverage might still limit the available benefits, but businesses can negotiate special protection for losses associated with known cyber security events that occurred even several years before the insurance policy takes effect.
We hope you found the above promoted content as entertaining and helpful as we did!
For similar stories check out this Top 5 Innovation Speaker‘s blog!