Email is integrated into nearly every aspect of our lives, everything from business to banking to health and beyond. As such, our email accounts are some of the most precious digital assets we have. Currently, there are 4.9 billion email addresses worldwide. In just two years, there have been 6,789 email data breaches globally, according to Avatier’s timeline of email security breaches. And in that short timeframe, 886.5 million records were compromised, a total which is more than double the U.S. population. Since 2017 began, we have seen the significant hacking of 2.2 million Wishbone user email addresses exposed in March and 36,000 Boeing employees’ emails exposed in February. While email hacking is certainly not new, it has evolved in sophistication, and the risks are greater now that more of our communication is done digitally. Individuals can protect their privacy by using highly secure passwords and multi-factor authentication. But for businesses, an email breach can cost the company billions of dollars.
AOL: Early Email Cybercrimes
The timeline of large-scale email breaches dates back more than a decade to 2004, when AOL employee Jason Smathers stole the information for 92 million accounts and sold it to spammers who were pitching an offshore gambling site. This sale resulted in account holders receiving a total of 7 billion unsolicited emails. There was a new anti-spam law that was passed earlier that year, and Smathers was one of the first to be prosecuted. "Cyberspace is a new and strange place," said Smathers. "I was good at navigating in that frontier, and I became an outlaw." The world of cybercrime was still new to the courts, and the judge, though lenient in his sentencing, made it clear that the "Internet is not lawless." He explained: "The public at large has an interest in making sure people respect the same values that apply in everyday life, on the Internet." 92 million AOL accounts breached in 2004 cost the company $400,000 to millions of dollars.
Yahoo: The High Cost of Minimal Email Security
In a series of Yahoo breaches, a total of 1.5 billion email accounts were compromised. The hacks took place between 2013 and 2014, and the public was not notified until late 2016. The announcement of the hack emerged during negotiations to sell the company to Verizon for $4.8 billion. Some say the hack was a result of Yahoo’s denial of financial resources to its security team. The company had been rapidly losing its user base to Google’s collection of apps, including Gmail, so it was not willing to add friction to its current users by implementing additional security measures. Shockingly, the company did not even implement a mandatory password change for users after the breach because it didn’t want to inconvenience users and shrink its base. The sale price for the data on the dark web went from $300,000 in 2015 to $200,000 in 2016, with the reduction in value from some users changing their passwords. Therefore, it can be assumed that only about one-third of users voluntarily and proactively changed their passwords despite their login credentials being available for sale. 1.5 billion Yahoo accounts nearly cost the company its $4.8 billion sale to Verizon.
Sony: Between Governments and Corporations
In November 2014, the corporate network of Sony Pictures was compromised, and 46,800 contractors and employees were exposed to identity theft which included stolen Social Security numbers and scanned passports. The sum of the stolen data amounted to 100 terabytes, including four unreleased movies and endless emails between employees. The tabloids lit up with leaked emails of behind-the-scenes celebrity name-calling, salary comparisons, and more. The hack was accomplished by the group known as “Guardians of Peace,” which has ties to North Korea. The group also threatened a 9/11-type attack on movie theaters that screened Sony’s film, “The Interview,” a satirical spy comedy about the assassination of North Korean leader Kim Jong-un. The state-sponsored hack prompted President Obama to impose increased sanctions on North Korea. “We take seriously North Korea’s attack that aimed to create destructive financial effects on a U.S. company and to threaten artists and other individuals with the goal of restricting their right to free expression," said Press Secretary Josh Earnest. North Korean hackers cost Sony $35 million plus the revenue loss from not screening “The Interview” in theaters.
Conclusion
Estimated costs of a data breach are about $221 per stolen record. But more than this direct cost of security cleanup, there is the bad publicity, the loss of consumer confidence, and the business challenges after having private emails become public. With email being an integral part of personal and business life, the importance of good email security cannot be understated.
About the Author: Oles Kosiuk is COO and one of the co-founders of Cheesefree, a marketing platform for local business to attract customers in real time. He also works in public relations for Secure Swiss Data, an encrypted email service. You can connect with Oles on Twitter and LinkedIn. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.