The year 2019 has just started but already there has been major news of IT security breaches that have made headlines: Collection #1 and Collections #2-5 that followed shortly thereafter. They showed once again how much e-mail is targeted by hackers and cybercriminals and how important it is to take e-mail security seriously to protect yourself and especially your data from attacks.

What happened?

In mid-January, it became widely known that vast collections of access information for e-mail accounts were posted on the internet. Overall, Collections #1-5 contain 2.1 billion different e-mail addresses plus their passwords. By now, the collections have also been made accessible to anyone on online sharing platforms. 

In Collections #1-5, information from different hacks in the past were collected and sorted into different categories, for instance into hacks of cloud services, career sites, online computer games, shopping sites, etc. This data had been available on the internet before, but not as a collection of this magnitude and categorized in such a meticulous way. It is important to note that the information stemmed from hacks from corporate targets, not from cyberattacks on private citizens. Therefore, users are not the ones to blame for the fact that this data ended up on the internet. However, to what extent this data can be used online is largely determined by the users’ own behaviour and companies creating good policies. 

What are concrete dangers of these hacks?

Collection #1-5’s enormous amount of data alone presents a significant danger, as they contain billions of e-mail accounts and therefore affect a very large number of people. 

In the best-case scenario for those affected: only their e-mail address is known, so spam is probably the only nuisance. Things are completely different if however the e-mail account and also the respective password is known. All private correspondence can then be read, and all data contained in the e-mail account can be used; for example, clues about the use of other online services such as social media or online shopping sites, which often contain password reset options.

Here, the user’s own behaviour is often a significant cause for great danger: Frequently, passwords are not strong enough, they are rarely (if ever) changed, and they are used for more than one online account. As a result, once a password for one account is hacked it can be used for accessing other accounts as well. 

Hackers know about this and use it to their advantage without any hesitation. This is particularly dangerous when personal information, such as credit card data, is saved on such accounts. Hackers do not shy away from attempts at credit card fraud or blackmail by using illegally gained personal data. In general, anyone who uses their e-mail address to authenticate themselves on the internet is vulnerable to such hacks

How can users protect themselves from these risks?

The most important measure is to choose a good password and most good services now guide users on the strength of passwords as you create them. When doing this it enhances the password’s security if the combination of its characters is random and if the password is longer. It is equally important to pick a different password for every single website (meaning for each and every online service you are registered to) and to change the password regularly. Since managing passwords can become confusing with a large number of registered user accounts, experts recommend using a password manager; preferably one that is stored locally on your own computer and not in the cloud. Another layer of protection is using an additional factor to supplement passwords. However, this so-called two-factor authentication unfortunately is far from being supported by all online services.  New technology is emerging that allows for a one time forever password, we will talk about this more later in this blog.

About this blog

With our software Cryptshare we enable our customers to share e-mails and files of any size securely in an ad-hoc way with a detailed audit trail and a strong ROI.

On our blog we write about email encryption, cybercrime, security gaps, malware, data protection and more. In short, anything about data security.

Follow us