The Australian Cyber Security Centre (ACSC) is aware that the so-called Collection #1 data dump of stolen credentials has now been followed by the release on the dark web of Collections #2, #3, #4 and #5.
All 5 collections add up to 1 terabyte in size with 100 billion records in total.
The lists include combinations of a large number of user credentials, including usernames and both hashed and plaintext passwords. Unlike other data breaches, this breach cannot be tied down to one site. Instead, it appears to comprise multiple historical breaches across a number of websites/services.
The ACSC has issued direct notifications to the owners of Australian servers identified in Collection #1.
‘There are simple steps you can and should take immediately if you have been compromised. Change your passwords, and don’t re-use passwords and email addresses across multiple sites,’ said Head of the ACSC, Alastair MacGibbon.
As an organisation, here's what you should do
- Identify if your organisation has been caught in the breach by using the Domain Search function on the Have I Been Pwned website.
- Reset passwords for affected users as a precaution.
- We recommend that you notify your users of the breach as they may have reused those passwords.
- Advise users that they can check if their accounts and passwords have been compromised via the Have I Been Pwned website.
- Organisations should have multi-factor authentication enabled.
- We recommend organisations implement a policy whereby staff do not use their corporate credentials on public websites, and follow their workplace’s security posture regulations.
- Our Protecting Web Applications and Users and Secure Administration webpages contain a wealth of information that may be of assistance in securing your systems and networks.
- To prevent this type of activity affecting your organisation, the ACSC recommends you review and implement the ACSC’s Essential Eight Strategies to Mitigate Cyber Security Incidents where applicable.
- We also recommend you review any available logs for ongoing malicious activity.
- We strongly encourage ICT security staff to check Pastebin and similar password dumping sites on a regular basis for potential compromises of corporate credentials.
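To act on the advice above about resetting passwords for affected users, a defender can screen passwords against Have I Been Pwned's Pwned Passwords "range" API, which uses k-anonymity: only the first five hex characters of the password's SHA-1 hash are sent, and the service returns every known hash suffix under that prefix with a breach count, so the full password or hash never leaves the organisation. The following is an added example and not code from the ACSC or from Have I Been Pwned; the sample range response is constructed for offline use, and the `fetch` callable, `SAMPLE_RANGE_BODY` and the breach counts are assumptions.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

# Constructed sample of a range response (format: HASH_SUFFIX:COUNT).
# The first line is the real SHA-1 suffix of the password "password"; the
# count and the other suffixes are made up for this example. A ":0" line
# mimics the padding entries the API adds when "Add-Padding: true" is sent.
SAMPLE_RANGE_BODY = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
    "1E6F2B6A0C1D9E8F7A6B5C4D3E2F1A0B9C8:2\r\n"
    "0000000000000000000000000000000000A:0\r\n"
)

def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the API and the 35-char suffix that is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; padding lines with count 0 are dropped."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines
        suffix, _, count = line.partition(":")
        if count.strip().isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def fetch_range(prefix: str) -> str:
    """Live lookup (needs network). Padding hides the true result size."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password: str,
                 fetch: Callable[[str], str] = fetch_range) -> int:
    """Return how many times the password appears in Pwned Passwords
    (0 = not seen). Only the hash prefix is ever passed to `fetch`."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch(prefix)).get(suffix, 0)
```

Wire `breach_count` into a password-change handler to reject values with a non-zero count, and keep rate limits in mind when screening a whole user base.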
As an individual, here's what you need to know
- To find out if your email has been compromised, go to the Have I Been Pwned website.
- There are some simple steps you can take to help keep your information safe:
  - Use strong passwords and use a password manager to assist you with not re-using the same password on multiple websites.
  - Change your password on any accounts where you may have used the same email and password combination.
  - Use multi-factor authentication where available to give your accounts an extra layer of security.
- If you are concerned that your personal information has been compromised and misused, you can contact Australia’s national identity and cyber support service, IDCare, or use their free Cyber First Aid Kit.
- If you have been a victim of a cybercrime such as fraud, report it to the ACSC at ReportCyber.
Have I Been Pwned: www.haveibeenpwned.com
Troy Hunt 'Collection #1' blog post: www.troyhunt.com/the-773-million-record-collection-1-data-reach