Hackers trade emails and passwords of British politicians
The Times has reported that hackers are trading email addresses and passwords belonging to thousands of British politicians, ambassadors and other top officials online.
The newspaper conducted an investigation, which found two massive lists of stolen credentials were put up for sale or traded on Russian-speaking hacking sites, which included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office officials.
Ryan Wilk, Vice President at NuData Security, said: "Data in the wrong hands can have a huge impact. Email addresses and password information, combined with other data on the consumer from other breaches and social media, builds a more complete profile. In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for myriad criminal activities, both on the Internet and in the physical world. Using these real identities, and sometimes fake identities with valid credentials, they’ll take over accounts, apply for loans and much more. Every hack has a snowball effect that far outlasts the initial breach.
All personal information is valuable to fraudsters. Names, physical and email addresses, passwords, the content of emails - everything that can be used to compile an identity will be used. We must change the current equation of 'breach = fraud' by changing how we think about online identity verification. We need to protect all consumer data, but more importantly, we need to make it valueless.
The technology exists right now that prevents fraudsters with stolen valid credentials from accessing accounts because they can't replicate the real users’ behaviour.
Analysing user behaviour with passive biometrics is completely invisible to real customers and fraudsters alike. It has the added benefit of providing valid users with a great experience without the extra friction that often comes with other consumer identification techniques. When fraudsters try to use stolen consumer data or login credentials, they will find the data is useless. The balance of power will return to consumer protection when more companies implement such techniques and technology.”