Additional Collection of 2.2 Billion Unique Usernames and Passwords “Goes Public”
Two weeks ago, we reported that approximately 773 million records aggregated from past data breaches were made publicly available after years of lurking around the Dark Web. Now, another mega-collection, aggregated from four smaller collections, adds 2.2 billion unique usernames and passwords to the mix. According to Wired, “Despite its unthinkable size, which was first reported by the German news site Heise.de, most of the stolen data appears to come from previous thefts, like the breaches of Yahoo, LinkedIn, and Dropbox. Wired examined a sample of the data and confirmed that the credentials are indeed valid, but mostly represent passwords from years-old leaks. But the leak is still significant for its quantity of privacy violation, if not its quality.”
Senators Cornyn and Heinrich Introduce “Pipeline and LNG Facility Cybersecurity Preparedness Act”
As concern increases about our cyber-readiness to protect critical infrastructure such as oil and natural gas pipelines, Senators John Cornyn (R-Texas) and Martin Heinrich (D-New Mexico) introduced the bipartisan Pipeline and LNG Facility Cybersecurity Preparedness Act last Thursday. According to a press release, “The Pipeline and LNG Facility Cybersecurity Preparedness Act would require the Secretary of Energy to carry out a program in consultation with federal agencies, states, and the energy sector to ensure the security, resiliency, and survivability of natural gas pipelines, hazardous liquid pipelines, and liquefied natural gas facilities.” The Houston Chronicle notes, “Authority over pipeline security now largely resides with the Transportation Security Administration, a division of the Department of Homeland Security. But TSA's capability has come under fire. Federal Energy Regulatory Commissioners Neil Chatterjee and Richard Glick last summer wrote an op-ed claiming that TSA only had six full-time employees monitoring U.S. pipelines, despite [having] responsibility for more than 2.7 million miles of infrastructure.”
“Worldwide Threat Assessment of the US Intelligence Community” Highlights Cyber Threats from Nation States
Dan Coats, Director of National Intelligence, recently submitted the annual “Worldwide Threat Assessment of the US Intelligence Community” that includes cyber threats from nation states. According to the report, “The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected—with relatively little built-in security—and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits. The risk is growing that some adversaries will conduct cyber attacks—such as data deletion or localized and temporary disruptions of critical infrastructure—against the United States in a crisis short of war.” The report goes on to assess specific threats from Russia, China, Iran, North Korea, terrorists, and criminals.
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
Orange Cyberdefense Acquires SecureData
According to a press release on Friday, Orange Cyberdefense announced the acquisition of SecureData Group for an undisclosed amount. UK-based company SecureData is the largest independent cybersecurity service provider in the UK. The company has a 25-year track record of providing integrated cyber solutions designed to assess risks, detect threats, protect customers’ IT assets and respond to security incidents. The company’s elite consulting arm, SensePost, enjoys a worldwide reputation for its expertise in cyber-criminality, security research, and penetration testing. With this acquisition, Orange Cyberdefense gains a bigger presence in the European security services market.