Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label DarkBeam. Show all posts

Darkbeam Data Breach: Billions of Usernames and Credentials Exposed Online


In a massive security breach, digital risk protection company ‘DarkBeam’ has lost billions of its users’ usernames and passwords that are now at high risk of getting leaked online. 

Apparently, the breach was first discovered on September 18 by Bob Diachenko, CEO of security company Security Discovery.

While the database is adequately secured now, at the time of the attack, over 3.8 billion user data was left unattended online making it accessible to anyone.

It is important to note that each one of the stolen passwords and email addresses in this database actually came from earlier data breaches. Although this is likely that this leak also impacts non-customers, it appears that DarkBeam has been gathering this data to notify its customers about potential data breaches.

These kinds of releases are frequently the result of hacking, as has earlier been observed with the most recent TMX Finance data breach. 

However, this does not appear to be the case this time. As Diachenko notes, human mistakes can lead to data leaks like this one, such as when a worker forgets to password-protect a sizable database containing critical information.

Even if a user has not heard of DarkBeam before, it is very possible that his login credentials are not exposed, since this leak includes usernames and passwords from both reported and unreported data breaches.

To address the matter, DarkBeam spokesperson released a statement, saying: 

"A third-party researcher notified us of a single unprotected instance containing a compilation of publicly available data collected by a DarkBeam researcher in 2020. We immediately closed access to this instance which contained research on previously discovered cyber breaches occurring between 2018 and 2019 and was created for the purpose of developing DarkBeam’s compromised accounts identification tool prior to the launch of our platform. No DarkBeam client information or data related to our systems was exposed and there is no evidence of unauthorized access except on September 19th by the researcher.”

How to Check if a User’s Credentials Are Exposed 

In cases, such as this one, where a news break of a data leak, it is a good idea for users to check if their own credentials were lost. 

There are various ways to do this, such as using Troy Hunt's well-known HaveIBeenPwned or Mozilla's Firefox Monitor. 

Tools mentioned above can easily let a user know if their credentials have been compromised. This way, one can manually alter their credentials to evade risk. One can also utilize some of the best-known password managers in case they believe that the aforementioned methods are time-taking. Password managers will change a user’s password automatically, thus saving their effort.