Blog

Company Notification – Important: CyberVor Data Breach

What you should know:

On August 5th, it was reported by Hold Security that a Russian hacker group they call CyberVor has amassed over 1.2 billion unique sets of login credentials in the form of email address/username and password combos. These credentials were harvested from 400,000+ websites that were identified as vulnerable to SQL injection attacks and were subsequently compromised. This appears to be the largest breach of user credentials to date and represents a threat worse than Heartbleed. Given the scale of the breach it’s not unlikely that a site you or your users have visited was compromised. Note that this breach affected large and small websites alike; CyberVor attacked any site they could find that was vulnerable to a SQL injection attack. A complete list of compromised sites is not currently available, nor is the list of email addresses CyberVor collected.

For more information about the breach you can read:

Hold Security’s original posting here: http://www.holdsecurity.com/news/cybervor-breach/

And the New York Times report here: http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html

What to do:

Envision Consulting recommends that all users change their passwords for any websites that are important to them; this includes financial sites, e-commerce sites with stored payment information, web-based email sites and any other site of personal or commercial importance. Note: It is very important to avoid reusing the same password across multiple sites, especially on financial or email accounts. Wherever available Envision also recommends enabling 2-factor authentication as an extra security measure.

If you have any further question or concerns please contact engineering@wordpress-564672-3764011.cloudwaysapps.com and we will be happy to assist.

Thank you,

Envision Consulting

Envision Consulting

Envision Consulting

We started Envision Consulting for businesses that share our passion for building long- term and healthy relationships. While we might be technology experts, we’ve always known that trust, reliability and looking after a client’s best interest are paramount to succeeding in business. But in 2001 and to this day, there were few managed IT providers available that embodied our customer-centric values. There were countless support companies more interested in reacting to issues than paving the road forward for clients, making it far too difficult to build long-term relationships. We felt a strong pull to make something different, and we did.