Threat Intelligence

5/8/2018
05:30 PM
50%
50%

8.7B Identity Records on Surface, Deep, Dark Webs in 2017

The 4iQ Identity Breach Report shows a 182% increase in raw identity records discovered by its team between 2016 and 2017.

Threat intelligence firm 4iQ detected and verified more than 3 billion identity records curated from 8.7 billion raw records in 2017. The company today released its 2018 Identity Breach Report, which digs into the details of nearly 3,000 breaches it discovered last year.

As the quantity of breaches has increased each year, so has the number of records exposed in each one. 4iQ collected its data using "automated crawlers and subject matter experts" tasked with monitoring the surface web, social media, black markets, underground communities, and the Deep and Dark Webs. Data is from open sources and exposed to threat actors.

4iQ points out two reasons for the 182% increase in raw identity records discovered by its team between 2016 and 2017. The first is growth in the number and size of breaches affecting personal data, including usernames, passwords, and other confidential information. Within underground communities, these types of breaches made up 44% of the 8.7B record total.

The second is the growth in accidental record exposures that commonly stem from poor security measures, which leave data open to third parties. These slip-ups led to the exposure of 4.9B raw identity records in 2017, researchers report.

Read more details and check out the report here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17182
PUBLISHED: 2018-09-19
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations...
CVE-2018-17144
PUBLISHED: 2018-09-19
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...