Graham Cluley reported on this phishing email today:

It’s an attempt to source account information from the recipient. Fortunately as Graham points out it’s not the most professional of executions:

1. You would have to not question why the Yahoo Webmaster Team is emailing you.. especially as it wasn’t sent to a Yahoo email address.

2. You would have to overlook that the bad guys didn’t even bother to forge the message to look as though it came from a Yahoo domain

If hackers were as good as this individual we wouldn’t have to worry about identity theft.

In July of this year an ex-employer at Goldman-Sachs was reported to have stolen code behind Goldman-Sachs propriety trading software. November of this year saw the largest breach of data in the UK when over a million customer records were alleged to have been stolen by a T-Mobile employee and sold on to rival firms.

All data has value and if someone pays the right price its not uncommon to find someone willing to breech company policy and turn a blind eye to any consequences if caught stealing.

Data Use in the Company ?
We entrust organisations with our personal data and in return we expect them to keep our data secure, private and to not share with others without our consent.  The thought of an employee abusing the information we willingly give over is something we rarely ever consider. However few organisations themselves know how this data is handled inside. The good news is, technology exists that can help, that can assist in reducing data loss, keep prying eyes away and entrust only the right personal to access personal data.

Inside Data Protection
Data Loss Prevention (DLP) technology has been around since 2006 and has is gaining speed with each passing year. DLP tech at a high-level discovers, monitors and protects sensitive data. Advances in this area have moved so far on that this statement probably doesn’t do the area any justice but suffice to say data stored, in use and even in transit can be managed, allowing identification of unexpected usage patterns; those accessing records more than they need to or at unusual times.

Outside Identity Protection
Identity and Access Management (IdM/ IAM) technology is another technology that has been around for several years and gained significant traction. Where DLP technology focuses primarily on data, its accessibility and authorisation IdM like Pramatr IdM is concerned with restricting access to data at the identity layer. Through managing access, authorisation, authentication across identity silos Pramatr IdM can help identify unusual access patterns, unexpected access times and even those trying to get access to unauthorised areas.

With data theft  on the rise, and cases like these ever more tempting its time to take a proactive approach to data protection both inside and out.

Recently 10,000+ Yahoo!, Hotmail, Gmail, AOL, Earthlink and Comcast etc. accounts were compromised through phishing scams and uploaded to places such as pastebin. Mass pandemonium ensued, various sites and even radio and television announced the breaking news. In one respects the scale of the hack was quite significant, the numbers quite hard to comprehend but should we be recording this hack into the records books just yet ?

A Record Breaker ?
According to Rik Ferguson, a security researcher at Trend Micro, the number of accounts is not all that special  its, “simply the ugly backside of online crime sticking out of the water for a second as they dive back into murkier depths“. On a regular day around the hacking ether you can found compromised accounts being sold and shared, the numbers often go beyond the reported 20-30000 hacked. For spammer’s a collection of compromised accounts helps increase the chances of success, each account has an address book brimming with lists of trusted contacts waiting to fall victim.

So we don’t need to record this number just yet, however if we remember only accounts starting with the letters A and B have only been made public so far, maybe a taste for more to come ?

Cost of Accounts
To further add salt to the wound the actual financial reward of these 10,000 accounts is quite nominal. A quick look reveals 1,000 hacked accounts are charged at $15, taking the dealers bulk order discount, for 10,000 hacked accounts it costs you $120 with a 100% replacement guarantee if any accounts is invalid – with a great deal like that these hackers should be out selling cars!

It seems a measly 10,000 accounts isnt even worth getting out of bed for.