CyberScoop reports that the massive data breach noted by Cybernews researchers and Bob Diachenko to have exposed over 16 billion credentials was regarded by various cybersecurity and incident response experts as having been overstated.
While the leak could have been the largest data breach yet, most of the records have been recycled from previous breaches, with Diachenko later admitting the inclusion of all exposed data since the beginning of the year. " This cache of around 16 billion credentials reflects around 30 separate databases, stealer logs compiled over years lots of overlap, much of it old," said Rapid7 Senior Director of Threat Analytics Christiaan Beek. Such exaggerated leak claims were also noted by Sophos Director and Global Field CISO Chester Wisniewski and Recorded Future threat intelligence analyst Allan Liska to distract from legitimate data breaches. "The real lesson that should be learned from this is the pervasiveness of infostealer malware and how people and organizations should be protecting against this type of malware. The fact that someone was able to put together 16 billion records from, essentially, table scraps shows how big that problem is," said Liska.
While the leak could have been the largest data breach yet, most of the records have been recycled from previous breaches, with Diachenko later admitting the inclusion of all exposed data since the beginning of the year. " This cache of around 16 billion credentials reflects around 30 separate databases, stealer logs compiled over years lots of overlap, much of it old," said Rapid7 Senior Director of Threat Analytics Christiaan Beek. Such exaggerated leak claims were also noted by Sophos Director and Global Field CISO Chester Wisniewski and Recorded Future threat intelligence analyst Allan Liska to distract from legitimate data breaches. "The real lesson that should be learned from this is the pervasiveness of infostealer malware and how people and organizations should be protecting against this type of malware. The fact that someone was able to put together 16 billion records from, essentially, table scraps shows how big that problem is," said Liska.
