How Attackers Will Use Epsilon Data Against You 78
Trailrunner7 writes "What might the criminals who broke into Epsilon do with the email lists they have? The easiest thing to do is to sell these data sets on the black market or, potentially, to competitors of victim firms. According to the latest data from data-breaches.net, totals are up to 57 customers including credit card providers with branded cards — Visa (notices sent for at least 3 cards), the World Financial Network National Bank (12 cards) and Citi (3 cards). The criminals may make some money there and re-invest it into technology or services for other efforts. Once an attacker has gained a foothold on one or more systems used by their mark, they can begin harvesting credentials. The frequency with which average consumers use the same username/password combination across multiple sites is such that such information could lead to accessing other potentially-existing accounts on high-profile social networks."
Re:Passwords not compromised (Score:2, Insightful)
The Epsilon disclosure doesn't make me any more vulnerable than before.
Of course it does. They have your email and know with which company you have an account using this email, maybe even specific services you've subscribed to. They can forge a credible-sounding email pretending to be said company or working for them or whatever. The more info you have the more credible a forgery is, the more people will fall for it. The majority of internet users couldn't tell a decent forgery from the real deal.