Last week, a large database breach (about 90GB and 103M records covering some 22M unique email addresses) from an unknown source was disclosed by the breach-notification website HaveIBeenPwned.com.
What is known by security experts at this time:
• The breach is labelled “db8151dd”, a placeholder name, because the source is unknown.
• The data was stored in yet another Elasticsearch database. Elasticsearch is a widely used search and analytics engine, not a correlation product in itself; instances are a frequent source of leaks because they are often deployed with no authentication in front of them.
• The system that fed it appears to have been a contact-management or enrichment service: it took names and email addresses and correlated them with other sources (such as social media) to build relational information about those contacts and how they are connected.
• Contents include in some cases: email addresses, job titles, names, phone numbers, physical addresses and social media profiles.
• Not every record contains all of these fields; the data appears to have been gathered from one or more client/contact management systems.
• In some cases, records carry very specific free-text notes. Examples provided:
    • Recommended by Andie [redacted last name]. Arranged for carpenter apprentice Devon [redacted last name] to replace bathroom vanity top at [redacted street address], Vancouver, on 02 October 2007.
    • Met at the 6th National Pro Bono Conference in Ottawa in September 2016.
    • Met on 15-17 October 2001 in Vancouver for the Luscar/Obed/Coal Valley arbitration.
What this will mean for you, if your email address is in the breach:
• Attackers now have more information with which to impersonate you, or to make a phishing message aimed at you look legitimate.
• The correlated data ties you to specific organizations, contacts and events, so an attacker can drop loose associations into a message, such as ‘we met at the conference in Ottawa in 2016’ or ‘we did “x” for you in the past’, to manufacture a false sense of trust before asking for something.
There is nothing you can do to pull this data back. What you can do is treat it as known to attackers: be suspicious of unsolicited messages that reference past meetings, projects or mutual contacts, verify any such request through a channel you already trust (a phone number or address you have on file, not one supplied in the message), and be deliberate about what you share on sites like LinkedIn and Facebook or with vendors in the future.
If you want to know whether you are affected by this or earlier breaches, go to https://haveibeenpwned.com/ and enter your email address(es). The site tells you which breaches include your address, but it never shows the leaked records themselves; the record contents of this breach are not published and will not be released.
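For checking more than a handful of addresses (an organisation's staff list, for example), the same lookup is available programmatically. The script below is an added example written for this note, not code from HaveIBeenPwned; it assumes the v3 API's `breachedaccount` endpoint, the `hibp-api-key` and `user-agent` request headers (account lookups require a paid API key, which the website itself does not), and the convention that HTTP 404 means "no breaches found" rather than an error. The fetcher is injected so the result handling can be exercised offline on constructed sample data.

```python
"""Added example: bulk-check email addresses against the HaveIBeenPwned v3 API.

Assumptions (not stated on the page): the v3 'breachedaccount' endpoint, the
'hibp-api-key' and 'user-agent' headers, and 404 meaning 'not found'.
"""
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

HIBP_API = "https://haveibeenpwned.com/api/v3/breachedaccount/"
BREACH_NAME = "db8151dd"  # the name HIBP gives this data set


def http_fetch(api_key, url):
    """Live fetcher. Returns the JSON body, or None when HIBP answers 404
    (meaning 'this address is in no known breach', not an error)."""
    req = urllib.request.Request(url, headers={
        "hibp-api-key": api_key,               # required for account lookups
        "user-agent": "breach-check-example",  # HIBP rejects requests with no UA
    })
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        if err.code == 429:
            raise RuntimeError("rate limited by HIBP; honour Retry-After and retry") from err
        raise


def lookup_breaches(email, api_key, fetch=http_fetch):
    """Return the list of breach objects HIBP reports for one address."""
    # The address goes in the URL path, so it must be percent-encoded ('@' -> '%40').
    url = HIBP_API + urllib.parse.quote(email, safe="") + "?truncateResponse=false"
    body = fetch(api_key, url)
    return [] if body is None else json.loads(body)


def summarize(email, breaches):
    """Collapse HIBP's breach objects into what the address owner needs to know:
    which breaches, whether db8151dd is one of them, and which kinds of data
    about them are now in attackers' hands (the union of all DataClasses)."""
    exposed = set()
    for b in breaches:
        exposed.update(b.get("DataClasses", []))
    return {
        "email": email,
        "breaches": sorted(b["Name"] for b in breaches),
        "in_db8151dd": any(b["Name"] == BREACH_NAME for b in breaches),
        "exposed_fields": sorted(exposed),
    }


def check_addresses(emails, api_key, fetch=http_fetch):
    """Check every address and return one summary dict per address."""
    return [summarize(e, lookup_breaches(e, api_key, fetch)) for e in emails]


if __name__ == "__main__":
    # Usage: HIBP_API_KEY=... python check.py alice@example.com bob@example.com
    key = os.environ.get("HIBP_API_KEY")
    if not key:
        sys.exit("set HIBP_API_KEY (see https://haveibeenpwned.com/API/Key)")
    for row in check_addresses(sys.argv[1:], key):
        print(json.dumps(row))
```

Note that an empty `breaches` list only means HIBP has not loaded a breach containing that address; it says nothing about breaches that were never disclosed. Also keep the API key out of the command line and out of logs: the script reads it from the environment for that reason.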