If you thought you’d seen the end of the Monster breach, you’re sadly mistaken. Apparently, Collection #1 is just a fraction of what the Monster breach is all about.
Data Dump Breach is Bigger Than We Expected
Authentication security vendor Authlogics claims that the data from Collections #2, 3, 4, and 5 is in its possession. It is also loading that data into its breached password database. The security vendor estimates the new collection of data to be around 784GB, which is nine times the size of Collection #1. In fact, it could contain over seven billion records in its raw state.
The Monster Breach
According to experts, the Monster breach is just a small part of a major 871GB haul. Collection #1 is up for sale on the dark web and could potentially contain billions of records. Researcher Troy Hunt was the first to take notice of the breach. He found that it included nearly 773 million unique email addresses and over 21 million “dehashed” passwords. Thankfully, the data was later revealed to be two to three years old, gathered from multiple sources. The cyber-criminal disclosed that all the other packages they have up for sale are less than a year old and in total over 4TB in size.
Security experts at Trend Micro claimed: “Because of the volume of data breaches in the past years and the likelihood that cyber-criminals will find a lot of users recycling passwords across several websites, we believe that we will see a surge in fraudulent transactions using credentials obtained by cyber-criminals from data breaches. Cyber-criminals will use breached credentials to acquire real-world advantages such as registering in mileage and rewards programs to steal the benefits. They will also use these accounts to register trolls on social media for cyber-propaganda, manipulate consumer portals by posting fake reviews, or add fake votes to community-based polls — the applications are endless.”
Users need to turn their attention to security by investing in password managers for all their main online sites and accounts. Additionally, they must opt for multi-factor authentication where it’s available. A security vendor predicted that the use of credential stuffing tools would increase among the black hat community. These cyber-criminals are looking to profit off the dumps of breached and stolen data.