Cygilant Blog

Are Cybercriminals Accessing Your Email Account?

Posted by Kevin Landt on Jul 19, 2016



In May 2016, when security researchers announced the discovery of one of the largest email hacks in history, with a total of over 200 million email records compromised, people (unsurprisingly) panicked. The breach was claimed to have affected close to 57 million accounts; tens of millions of Gmail, Microsoft, and Yahoo accounts; and hundreds of thousands of accounts held with German and Chinese providers.


Fortunately, things were not quite as they seemed. Most of the data released was out-of-date and incorrect. Instead of containing new information, the database was actually an amalgamation of data collected from many different breaches over a long period of time. The cost to acquire the data should have been a red flag—the Russian hacker requested just 50 rubles, or about $1 USD, to share his spoils. And he ended up doing it just for the publicity, after agreeing to release the data in exchange for some nice comments about him in hacker forums.


The hack may have been overblown, but some of the data released was genuine. This suggests that people were reusing their passwords across multiple sites. And the initial reaction shows just how crucial it is that our email passwords remain secure.

Why Email Passwords are Critical to Security

Your email password is the key to your personal and work accounts. If someone can get into your email account, they can likely reset your passwords for your cellphone, social media accounts, and your website. Even your bank accounts can be affected, if you bank online and have stored that password somewhere in your email.


It's a nightmare that former Wired writer Mat Honan lived through, when hacker Cosmo the God of UGNazi took over his Twitter account and more, wiping his iPad and cloud storage to boot. This shows that even tech experts can be vulnerable to hacks, which means it's all the more important that organizations be particularly careful when handling cybersecurity matters.

How to Minimize the Effects of Email Hacks

Above all, you should have a company-wide policy against re-using passwords from other accounts. Re-using passwords is one of the biggest mistakes employees can make, putting themselves and their company at risk. If a hacker can get into a legitimate corporate email account, they can pose as that company's executive and cause serious trouble.


It's also a good idea to remind people to periodically change their passwords. Memorizing new, complex passwords can be inconvenient, but the process can be made simpler with a password manager. Strong passwords are particularly necessary because most breaches aren't discovered for a considerable length of time after they've happened. To see if your email address has been involved in a leak, you can check Have I Been Pwned. Staying aware of your personal security is the first step to preventing lasting damage.


Big data breaches happen because a company has been attacked, not because of individual sloppiness. But a good password policy can go a long way to minimizing the effects of a big hack.

How to Assess IT Vulnerabilities for Free

If you have ever wondered what software flaws and vulnerabilities are hiding in your network, now is the time to find out. For a limited time only, EiQ Networks will offer a FREE scan of up to 10 external IP addresses to identify vulnerabilities. You’ll receive an in-depth report that identifies:

  • The number of vulnerabilities detected and their severity level
  • The number of assets affected and which ones they are
  • A detailed description of the threat, its impact, and remediation guidance

Tags: Cybercrime, Hacking, InfoSec, Email
