Interest Groups

You Can’t Secure 100% of Your Data 100% of the Time - E-Discovery, Information Governance & Cyber Security Section News

Upcoming Events

{{#if events}}
{{#events}}

{{moment startDate format='dddd, MMMM DD - h:mm A'}}

{{{truncate title 75}}}
{{/events}}
{{/if}}

Recent News

{{#if blogEntries }}
{{#blogEntries }}

{{moment publishDate format='dddd, MMMM DD'}}

{{{truncate blogTitle 75}}}
{{/blogEntries }}
{{/if}}

Products & Services

Get the news you want the way you want it: click the RSS button in the right corner to add this feed to your RSS reader, or click here to subscribe to this content. By subscribing, you’ll find this news on your Member Account page, and the latest articles will be emailed to you in your customized IndyBar E-Bulletin e-newsletter.

E-Discovery, Information Governance & Cyber Security Section News

You Can’t Secure 100% of Your Data 100% of the Time

Posted on: Jan 2, 2018

Over three billion credentials were reported stolen last year. This means that cybercriminals possess usernames and passwords for more than three billion online accounts. And that’s not just social media accounts; it’s bank accounts, retailer gift card accounts with cash and credit cards attached, airline loyalty accounts with years of accumulated frequent flyer points, and other accounts with real value.

This statistic is alarming, but in fact it significantly understates the scope of the threat. Because of a form of attack called credential stuffing, tens of billions of other accounts are also at risk. Here’s how that attack works. Because most people have many online accounts (a recent estimate put it at 191 per person on average) they regularly reuse passwords across those accounts. Cybercriminals take advantage of this. In a credential stuffing attack, they take known valid email addresses and passwords from one website breach—for example, the Yahoo breach—and they use those same email addresses and passwords to log in to other websites, such as those of major banks.

Read more here.

This article was submitted by Jonathan T. Armiger, Armiger Law. If you would like to submit content or write an article for the E-Discovery, Information Governance & Cybersecurity Section, please email Kara Sikorski at ksikorski@indybar.org.

DID YOU KNOW?

Indianapolis Bar Association (IndyBar) est. 1878 | 4,536 Members (as of 2.11.21)

Connect With Us

Contact us for information on membership, events, sponsorship and more.

Contact

Email: iba@indybar.org

Phone: (317) 269-2000

Fax: (317) 269-1915

140 N. Illinois St., Indianapolis, IN 46204

Find Us On

©2018 Indianapolis Bar Association. All rights reserved. Use of this website constitutes acceptance of our Terms of Use and Privacy Policy. Read our IndyBar Listserv Guidelines.

IndyBar Review, Legal Line and Ask a Lawyer are registered trademarks of the Indianapolis Bar Association.