Interest Groups

You Can’t Secure 100% of Your Data 100% of the Time - E-Discovery, Information Governance & Cyber Security Section News

Get the news you want the way you want it: click the RSS button in the right corner to add this feed to your RSS reader, or click here to subscribe to this content. By subscribing, you’ll find this news on your Member Account page, and the latest articles will be emailed to you in your customized IndyBar E-Bulletin e-newsletter.

E-Discovery, Information Governance & Cyber Security Section News


Posted on: Jan 2, 2018

Over three billion credentials were reported stolen last year. This means that cybercriminals possess usernames and passwords for more than three billion online accounts. And that’s not just social media accounts; it’s bank accounts, retailer gift card accounts with cash and credit cards attached, airline loyalty accounts with years of accumulated frequent flyer points, and other accounts with real value.

This statistic is alarming, but in fact it significantly understates the scope of the threat. Because of a form of attack called credential stuffing, tens of billions of other accounts are also at risk. Here’s how that attack works. Because most people have many online accounts (a recent estimate put it at 191 per person on average) they regularly reuse passwords across those accounts. Cybercriminals take advantage of this. In a credential stuffing attack, they take known valid email addresses and passwords from one website breach—for example, the Yahoo breach—and they use those same email addresses and passwords to log in to other websites, such as those of major banks.

Read more here.

This article was submitted by Jonathan T. Armiger, Armiger Law. If you would like to submit content or write an article for the E-Discovery, Information Governance & Cybersecurity Section, please email Kara Sikorski at ksikorski@indybar.org.

DID YOU KNOW?

Indianapolis Bar Association (IndyBar) est. 1878 | 4,536 Members (as of 2.11.21)