It’s always better to be safe than sorry.

It’s an adage that can keep you out of a lot of trouble, and it’s definitely one to take seriously when discussing cyberthreats.

A person’s digital life is incredibly important, and the dangers one faces when their digital life is compromised can be devastating.

If your accounts are compromised and your personal data is exposed, your identity can be stolen and you could lose a lot of money.

It’s why you should always take the extra step to protect yourself whenever you hear about a data breach where you may be affected, even if you don’t receive a data breach notification letter.

Take the time to change your passwords. Implement multifactor authentication on your accounts. Limit the number of people who can see your social media posts. These simple tasks could save you a lot of headaches, time and money down the line.

In this installment of the BlackCloak Thursday Threat Update, we’ll cover a massive password leak and a data breach affecting a cloud communications provider.


Billions of passwords leaked on hacking forum

What we know: An unknown individual has leaked nearly 10 billion passwords on a popular hacking forum. The dataset seemingly comes from a number of past data breaches, and the passwords were found in plaintext format. Researchers note that the individuals in the most danger from the leak are those who reuse passwords across multiple accounts, as these passwords could be leveraged for credential stuffing attacks.

Recommendations: As always, it’s highly recommended that you create a strong, unique password or passphrase for all of your online accounts. By doing so, you would only need to secure one account following a data breach rather than several. It’s also a good idea to store these passwords in a password manager, and to implement multifactor authentication on all of your accounts where available. That way, even if a cybercriminal were to gain access to your login credentials, they would be unable to access your account without the second layer of authentication.


Twilio experiences breach through authentication app

What we know: Cloud communications provider Twilio disclosed that it experienced a data breach after unknown actors took advantage of an unauthenticated endpoint in the authentication application Authy. The cybercriminals shared 33 million phone numbers stemming from the breach on a hacking forum.

Recommendations: In its security alert on the breach, Twilio recommends updating to the latest version of Authy as soon as possible, and has included links on how to do so for both Android and iOS users. As phone numbers were exposed in the breach, be on the lookout for SMS text messages that are actually part of a phishing campaign, a tactic known as “smishing.” Bad actors may impersonate Authy or other legitimate entities to entice you into turning over personal information and possibly even money.


Stay safe this summer

As vacation season rolls around, it’s still important to stay aware of cyberthreats. Cybercriminals do not take the summer off. In fact, this is one of the busiest times for bad actors to conduct their scams.


Follow this cybersecurity checklist for preparing your devices for travel, and learn how a ban on indoor security cameras from Airbnb affects your personal cybersecurity.

