Reuters - Video

Edition: US | UK | IN | CN | JP

Finance Videos

Carbon Black's Ben Johnson on e-mail data breach

Wednesday, May 04, 2016 - 04:33

Ben Johnson, chief security strategist at Carbon Black talks with Bobbi Rebell about the huge data breach that may have impacted millions of e-mail accounts, including Yahoo, Microsoft and Google.

▲ Hide Transcript

View Transcript

A huge data breach found at major email services according to security expert Alex Holden. Hundreds of millions of hacked user names and passwords for services that include the largest Russian email service but also. Microsoft Yahoo! and Google here with Moore and Johnson he's chief security strategist and co-founder and carbon black. He joins us from our Chicago bureau great to have Acer. Thank you for I mean. Our exit 272 million fill out online account apparently being traded in Russia's criminal underworld is according to the sport or source. How'd this happen what do we know. Really we don't know if it's on. There's just a lot of this trading going on throughout the criminal organizations and they are becoming more and more sophisticated more and more like. He organized crime that you see on TV. And unfortunately this is very common is this becoming a systematic and how serious is that what are they exactly do what's at stake here. Well when you get a large cache of email. Accounts like this and actually emails really be calm. You or most valuable account you most valuable online apps that they can really use some force spam. To log in and spread to people you know to try you're. You know username and password as the credentials for other web sites so there's a hole. Or for a things they can try it. So what happened. What do people do let me look at. Well first you really need to change your expert and in fact you need to change prosper pretty frequently. And secondly you should never reuse passwords across writes that's. Really one of the reasons why a lot of compromise a lot of cybercrime. Occurs is because we've reduced prospered so illegal logging and change your password but then most of these services also tell you. If someone's been logging in using your count from. You know different country you're different IP address. So US companies. And companies Microsoft Google what are they saying about the charity doing it seriously. Yeah they're taking it seriously but. Unfortunately it happens so often it. It's hard to do more than encourage. Install. Things like two factor authentication. Where you have to use your phone in order to log in. And then they can actually try the username and passwords to see if it's cards or maybe it's from you know a year. Apparently somebody's. Where that some of the targets of this firm plays at some large US banks manufacturer's retail companies. Is there any sense that that they are targeting any specific groups that they're going after that may be more vulnerable or have more valuable information. So ultimately the target will be. Employees or data that's valuable. Well usually you start off just collecting whatever you can and then narrowing that down finding what's in this you know big. Gold mine that you caught and then going from there and getting better and better hours ago. Ultimately is there anything that these companies can do whether that you are advising people to do that to factor authentication that kind of stuff. Can someone that's truly determined to get into these accounts be stopped. How vulnerable our week. Where unfortunately really vulnerable human being you know in the US or western nations. But with two factor authentication with changing passwords. Whip these big providers forcing you to change your count. Every you know thirty years ninety days. At least mitigates the risk law. If any sense what this could cost. On hold the value of this information and what kind of any human life at stake do. I haven't heard any specific numbers but it's. In the millions. In terms of what's potentially. At risk. Whether or not that's actual eyes. Is left to beat her determined but you know it. If they use your credentials to log in your business even though it was a personally you know that was compromised. Then you know who knows you know the billions of dollars back and. Thank you so much. Thanks to Ben Johnson of carbon black body propelled this is Reuters.

Press CTRL+C (Windows), CMD+C (Mac), or long-press the URL below on your mobile device to copy the code

Carbon Black's Ben Johnson on e-mail data breach

Wednesday, May 04, 2016 - 04:33