For roughly four months, a gigantic email and password dump was circulating on the dark web, and no one in the cybersecurity community noticed, until now.
Have I Been Pwned? (HIBP) has added a new database containing roughly 71 million email addresses to its platform. The service allows users to see if their email addresses were picked up by threat actors at any time in the past and, if so, which service was breached to obtain the information.
While announcing the new addition, HIBP owner Troy Hunt says he dismissed the database earlier because it seemed to be nothing more than old information – repackaged. Upon closer inspection, however, he determined that a third of the email addresses were brand new, making the data dump “statistically significant”.
Significant data volume
This isn’t just the usual collection of repurposed lists wrapped up with a brand-new bow on it and passed off as the next big thing; it’s a significant volume of new data,” Hunt wrote. “When you look at the above forum post the data accompanied, the reason why becomes clear: it’s from ‘stealer logs’ or in other words, malware that has grabbed credentials from compromised machines.”
When a user types in their email in the Have I Been Pwned? service, if their email pops up under the “Naz.API” submission, that means that they were, most likely, infected by malware at some point in the past (or are infected still). That also means that the malware stole passwords for various services. Unfortunately, it’s difficult to determine which service (unless the user recognizes the unique username/password combination). Some of the services mentioned include Facebook, Yahoo, Roblox, eBay, and others.
The database counts 319 files, totaling 104GB. Exactly 70,840,771 unique email addresses were exposed, and 427,308 individual Have I Been Pwned? subscribers impacted.
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews