98.1 Million Russian Email Users Increasingly Anxious After Data Breach Confirmed

Posted September 21, 2016

98.1 Million Russian Email Users Increasingly Anxious After Data Breach Confirmed

In the wake of another large data breach from a Russian email service provider, Rambler.ru, Russian end-users are increasingly concerned about the amount of personal data now available to cybercriminals.  Rambler.ru has stated that this incident occurred in 2014; the fact that this has only come to light now shows the vast amounts of data that can be stolen without public disclosure. In today’s hostile cyber threat landscape individuals are no longer in control of their own personal data.

Rambler.ru have been badly exposed by this hack due to the fact that they were storing passwords in plaintext. Rambler.ru have issued a statement saying that they have addressed this issue by moving to encrypting data and enforcing users to use new passwords. However, this does not address the serious implications of such a large-scale breach, which go beyond the security of an individual email account.

Rambler.ru users now vulnerable to attacks on other websites

Breached data is being used for large-scale identity attacks, as demonstrated by the latest data from the ThreatMetrix Q2 2016 Cybercrime Report. Fraud attacks are rising at a rate 66% year-on-year in Europe, fuelled by these incidents and the increasing sophistication of cybercrime tactics.

In the wake of a digital service such as Rambler being hacked, organizations across many industries are then flooded with fraudulent activity using stolen identity data. ThreatMetrix is seeing a huge rise in the number of automated bot attacks, which are being used to test stolen credentials before launching a fraud attack. In Q2 2016 ThreatMetrix detected 450 bot attacks – which was a 50% increase on the previous quarter this year.

Organizations are operating in a world of digital debris where they can no longer trust static credentials, such as the passwords breached in the Rambler.ru incident. Online businesses need to protect their account logins and transactions by adopting a contextual approach to authenticating their users.

How a digital identity approach to fraud prevention can help

Stolen passwords or credentials are readily exposed for the fraudulent identification they are when businesses take a holistic, digital identity approach to cybersecurity. At ThreatMetrix, we enable businesses being targeted with stolen credentials to effectively distinguish between trusted users versus fraudsters, by providing insight into true digital identity. Digital identities are stitched together by combining anonymized information on devices, identity information, user location and threat intelligence – information seen both at the time of the transaction and historical data which has been built up over time across the 40,000 websites and apps that the Digital Identity Network® protects.

This creates a profile that fraudsters can’t fake, made up of dynamic, shared intelligence that gets better over time. Transactions are verified in real time against trusted patterns of behavior: high-risk anomalies are accurately identified for review while genuine users experience minimal friction.

The four pillars of digital identity

Device: Device identification, device health and application integrity
Location: Detection of location cloaking or spoofing, (proxies, VPNs and the TOR browser)
Identity: Incorporating anonymized, non-regulated personal information such as user name, email address and more. Defining a pattern of trusted user behaviour by combining identity and transactional metadata with device identifiers, connection and location characteristics.
Threats: Harnessing point-in-time detection of malware, Remote Access Trojans, automated bot attacks, session hijacking and phished accounts, then combining with global threat information such as known fraudsters and botnet participation

Russian users will remain on high alert in the wake of the news that such a large number of records have been leaked on the web. Whilst individuals must consider where passwords have been re-used in order to mitigate any impact personally, other online businesses also need to ensure they are well equipped to differentiate between real users and fraudsters when transacting and interacting with their consumers online. Relying on passwords is no longer an option to keep digital services secure.

Andrey Kovalev

Andrey Kovalev

Subject Matter Expert, ThreatMetrix

close btn