1 million .nl passwords and emails were sold on the darkweb ? Check yours (and what is the Belgian CERT doing for the .be emails)

Dit is de verklaring van de Nederlandse CERT

Het Nationaal Cyber Security Centrum (NCSC) heeft van Hold Security de beschikking gekregen over de domeinnamen en e-mailadressen met een .nl-extensie. Hold Security gaf eerder via mediaberichten aan een dataset met 1,2 miljard inloggegevens wereldwijd verkregen te hebben, afkomstig van 420.000 kwetsbare websites. Vanuit haar coördinerende rol en CERT-taak heeft het NCSC direct na ontvangst van de gegevens actie ondernomen en licht samen met partners getroffen partijen in
https://www.ncsc.nl/actueel/nieuwsberichten/ncsc-verkrijgt-nederlandse-gegevens-van-hold-security.html

So out of a database of 1.2 billion data from hold on Security a million had an .nl emailaddress which made it clear that you have some connection to Holland

you can check if yours is here https://emailcheck.xs4all.nl/

this is why it is important that emailproviders like Yahoo and Google nationalise their domains so that instead of hundreds of millions generic .com emailaddresses it would be easier to identify those that belong to a certain country (and so a certain CERT). 

It is not clear what the other CERTS are doing and it is not clear if the 42.000 hacked domains have been notified and if the generic domains are participating also (Google.com and Yahoo.com for example among many others)

as we have said before when he made this press declaration, the firm doesn't have the right to keep that data, that data should have been transferred to the dataprotectors (the CERT and the other institution to set up a coordinated action to notify the victims and to block their accounts if necessary to limit the damages)

they even set up an online form in which you could check if your personal logindetails were sold online or not (even if this may be very late as the information was made public in august and the 42.000 emptied

but there are other questions

* Holdon security said it was finding every week new datasets they were adding to their database, does this mean that the Dutch cert will receive new .nl logins if they find them ?

* what happens with the data about the .nl people that Holdon security has - and that now has been officially recognized that they have ? Because they are holding on to illegal information they have from citizens who didn't give them the right to keep that data for themselves. If I interpret the privacy régulations that I didn't give them any right to collect and surely not to keep this information.

And what is even more incredible is that they are asking money for it to check for me if my emailaddress is in the old and new datasets they are colleding

Reminder : if we take all the datasets together that have been stolen the last 2 to 3 years than yes we arrive at nearly a billion (what is more I even know there are several older Datadumps online on TOR). But we should also mention some quality information with the information. If it is an old leak from 2011 than there is little you can do, if the leak is from last week, than there is a big problem and you can still do some things.

at the other side, Holdon security has been the biggest lowhanging fruit on the internet, collecting all that data. I hope that their security is so strict and monitored that they can keep that information.

The comments are closed.