Better Safe Than Sorry: Millions of Reportedly Stolen Passwords Mean It’s Time for Updates


May 16, 2016

Recently, yet another cybersecurity threat seemed to materialize and disseminate large volumes of sensitive information almost overnight. Accounts affected ranged from Google to Yahoo. Initially, experts feared that hundreds of millions of sensitive account numbers and passwords had been compromised.


Fortunately, reports of this most-recent cyber invasion appear to have been a bit inflated. As it turns out, a majority of the information was inaccurate and obtained from less-secure third-party sites. Many of the passwords were incorrect and the account numbers turned out to be obsolete. In fact, one of the email providers—, based in Russia—confirmed that only 0.018% of the email-password combinations were accurate and current.

Additionally, it wasn’t the large-scale attack it was previously thought to be. It was a compilation of smaller data stashes from less-secure sites, which a particularly savvy hacker made to look like he had scored big time. The hacker, known in an online forum as “The Collector,” created a database from smaller compilations of hacked information to garner attention and get social media brownie points in return for offering up the stolen information.

Despite the fact that this latest cyber-security scare turned out not to be “the heist of all heists,” there is still an important lesson to be learned here: the speed and effectiveness with which the young Russian hacker spread the news of his hack, and the widespread response he received, serve to remind us of what exactly can go wrong in those potential worst-case scenarios. If the hacker had gotten his hands on accurate data as the result of a large-scale attack, and the account information had been current, the speed with which he could have spread financial destruction would have been impressive. He could have breached massive amounts of clients’ personal information, at least temporarily.

The appropriate response here is not to simply look the other way regarding this seemingly bogus attack. A responsible approach to this type of situation is to take preemptive action against system vulnerabilities. Business users should make sure employees:

  • Update operating systems when requested.
  • Download security fixes when they become available.
  • Keep away from spammy, phishing emails.
  • Don’t visit suspicious websites or open corrupt downloads.

Additionally, all business users should protect sensitive password and account information by regularly updating and changing their online credentials, and by never using the same information across multiple sites.

Perhaps most importantly, business users should take advantage of a website’s 2-factor (2FA) and multi-factor authentication options for even more enhanced password security. A multi-factor authentication process is based on three categories:

  • The Knowledge Factor: Like traditional single-factor authentication protocols, the knowledge factor represents only information a user “knows” like user ID and password information. This is considered the most easily hacked password type.
  • The Possession Factor: The possession factor refers to something the user physically possesses, such as a hardware device, credit card security code, or single-use passcode. Used in conjunction with the knowledge factor, the combination can provide two-factor authentication, which is considered more secure than the typical user ID and password combination.
  • The Inherence Factor: This is typically derived from user biometric information, such as a thumbprint or retina scan. This is considered the most secure of the three factors, and when used in combination with the above two factors, can provide a high level of security.

Though these types of authentication require more steps than a single-factor authentication process, the problems this type of enhanced validation can save you and your business down the road are well worth the extra effort.

Integris is the trusted choice when it comes to keeping our clients ahead of the latest information technology tips, tricks, and news. Contact us at (888) 330-8808 or send us an email at [email protected] for more information.
