The Implications of Last Week’s Exposure of 1.2B Records

It seems the sky is not falling in, this time…:

[…] A security incident that generates conversation typically involves a breach or exposure of comparatively more sensitive data. But this unprotected server didn’t store personally identifiable information like Social Security numbers, nor did it contain passwords or payment card data. So why did the exposure of publicly accessible data have people talking?

The amount and type of information exposed, and the way it was organized, could give cybercriminals the tools they need to assume other identities or launch spear-phishing attacks. As Wade Woolwine, Rapid7’s principal threat intelligence researcher, puts it: “Data in aggregate is always worth something to someone … large sums of data are worth their weight in gold.”


Original article here