If it seems like data theft is on the rise, rest assured that it’s not just the imagination running wild: more than 6 million email accounts and their credentials have been snagged by crooks over the last three months.
That’s according to Heimdal Security, which said that around 150,000 account credentials are leaking each month, an explosion that the firm said is linked to the high number of data breaches that occurred in 2014. On average, the current or previous passwords of about 4% of emails are available on the e-crime scene, it said, and that right now it has spiked to 6%. So, a company with 1,000 employees would have 60 workers with leaked historic account details.
“The leaked accounts’ credentials come from corporate logins to private consumer emails, and to find more than 6 million accounts in just three months is quite a large number by any standards,” said Heimdal researcher Aurelian Neagu, in a blog. “This simply means that online criminals are right now using these credentials against you.”
Worse, in analyzing the statistics, it became clear that the 6 million accounts that have been stolen simply represent only a fraction of the actual problem.
“As a security company, it’s our job to emphasize this number only covers the last three months,” Neagu said. “The actual number could be more than 20 times higher.”
To protect one’s credentials and online security, the recommendations are a well-worn set of suggestions: consumers and employees alike should change their passwords regularly, and practice safe browsing practices.
Fortunately, consumer awareness is on the rise. There have been over 24,000 news stories about data breaches so far this year, according to research from Deloitte.
The business consultancy found via a Factiva search that there were 24,105 news stories in total on breaches between January and October — way higher than the 5474 reports last year and 4023 in 2012.
“It’s an extra mechanism that puts greater emphasis on organisations doing the right thing with data and being held accountable,” said Peter Gooch, privacy leader at Deloitte. “It is clearly building awareness, which is positive, but the tone of the reporting remains essentially negative, which contributes to a very pessimistic view — this may, indeed, be saturating the public consciousness,” he told Infosecurity.