In response to The 773 Million Record "Collection #1" Data Breach, an expert with OneSpan offers perspective and advice:
Will LaSala, Director of Security Solutions, Security Evangelist, OneSpan says: This is a colossal breach. Those impacted should act fast to change any reused passwords, as the exposed credentials can be used by criminals in credential stuffing attacks to cause maximum damage across multiple other accounts. And with criminals trading assets in underground forums, data from this breach could easily be cross referenced with information lying elsewhere to bypass authentication. For the more high-risk accounts like banking accounts, this poses a very real fraud threat.
If this doesn’t highlight the need for security reach beyond the password, then not much else will. We should know by now that using a combination of multiple, layered authentication technologies gives companies, and users, the best chance. Banks especially should be upgrading their authentication procedures to more intelligent methods to mitigate the fraud risk in the aftermath of attacks such as this. This technology should combine multiple authentication techniques, whether that’s fingerprints, behavioral biometrics or one-time passwords.