What is the deal with the Gmail breach?
September 16, 2014

There has been a wealth of confusion regarding the recent Gmail data breach that reportedly exposed roughly five million password and login code combinations, and rightfully so. The world has fallen into a pretty cumbersome and complex state in which many consumers, business leaders and even government officials have become somewhat desensitized to the prospect of data breach and information exposure, which is compounding cybersecurity problems significantly. 

Some will immediately think the worst when a major event strikes, while others will simply believe that it was an unavoidable and likely not all that devastating occurrence given the regularity of headlines regarding these matters. Any enterprise executive that wants to ensure the most consistent and preferable brand image in the eyes of current and prospective clientele cannot fall into either of these categories, as both have equal but varying dangers. 

So, when the news hit the presses that Gmail accounts had been infiltrated by an alleged group of Russian hackers, it was yet another example of how quickly matters get complicated, facts get shadowed by speculation and more. The most intelligent firms will generally enjoy the strongest defense against disasters, as well as timely adjustments to identity and access management strategies which will further safeguard the organization’s brand stature. 

What happened?
Info-Security Magazine reported that roughly five million users might have been impacted by a breach of Gmails systems, leading hackers to post the login and password combinations on a popular website based in Russia. Since the first indication that this even occurred, though, Google has spoken out and affirmed that a negligible percentage of these codes are actually going to line up and work, and that even those that do will not necessarily impact Gmail services. 

Rather, researchers have found that the biggest risk will be attached to accounts that users have linked to their Gmail service, such as those that require an email address to be the user name. According to the news provider, there are other collateral risks that are likely to arise in the future because of this breach, while some have already started to manifest into reality such as phising attacks against Gmail users. 

“Catalogues of previously leaked credentials serve as a database for password crackers,” KPMG researcher Yiannis Chrysanthou told Info-Security Magazine. “This theen makes future hacks even easier and quicker, with many passwords cracked in zero time. Passwork cracking research is moving towards intelligent, efficient and content-aware attack techniques designed to crack the bulk of passwords fast. Every large scale credential leak makes cracking passwords easier for the next one, and organizations adding password complexity to their policies only slightly delays this process instead of stopping it.”

This is yet another well-spoken suggestion of a fact that has been known for years, in that these types of attacks raise risk for a multitude of entities, while those organizations remain lethargic in their pursuit of more modern security. 

Simply not necessary
Perhaps many leaders do not quite understand just how effective modern access management controls can be in the defense of data against modern hackers and threats. Whereas traditional passwords are not only a solid method of securing accounts and data, they also tend to be difficult to manage from the user perspective, as they can be easily lost or forgotten, hindering productivity. 

Dynamic authentication was developed to correct both of these problems among businesses, as the solutions are far more intuitive and user-friendly while still bolstering the actual defense against cybercrime. Those firms that leverage these types of solutions more proactively will likely be far less concerned when major breaches such as the one mentioned above occur.