It seems every aspect of our lives is available to be found somewhere on the internet. And the information available isn’t simply embarrassing browsing histories but ranges from our medical histories to the logon credentials we use to access many of our online services. This is certainly a privacy concern, but it’s also increasingly an enterprise cybersecurity hazard. The more information adversaries have about us, the more effectively they can target their attacks.
Consider the news that broke earlier this year regarding 2.2 billion unique usernames and passwords that came to light. These usernames and passwords emerged from the dark web and are being shared more openly throughout online hacker groups. As Wired’s Andy Green accurately put it, the credential troves threw “out the private data of a significant fraction of humanity like last year’s phone book.”
We can be confident that all of these emails and passwords have already been used to a great extent – both en masse against websites to try to break into online accounts and as part of spear-phishing attacks.