How Attackers Will Use Epsilon Data Against You 78
Trailrunner7 writes "What might the criminals who broke into Epsilon do with the email lists they have? The easiest thing to do is to sell these data sets on the black market or, potentially, to competitors of victim firms. According to the latest data from data-breaches.net, totals are up to 57 customers including credit card providers with branded cards — Visa (notices sent for at least 3 cards), the World Financial Network National Bank (12 cards) and Citi (3 cards). The criminals may make some money there and re-invest it into technology or services for other efforts. Once an attacker has gained a foothold on one or more systems used by their mark, they can begin harvesting credentials. The frequency with which average consumers use the same username/password combination across multiple sites is such that such information could lead to accessing other potentially-existing accounts on high-profile social networks."
Re:Passwords not compromised (Score:5, Interesting)
Not as part of this breach, but as a possible consequence.
Bad guys get your email, name, and a couple of other things. Bad guys do a very targeted phishing exercise, and scam you into giving up credentials for one service. Bad guys then could potentially rely on the fact that people reuse passwords, and get into several other sites.
Depending on the uniqueness of your first/last name combination ... there might actually be enough information in there to actually identify you in the real world.
You know, the things that TFA are actually saying.