On May 5, the creator of the famed “Have I Been Pwned?” breach alert system, Troy Hunt, announced that he loaded “over 1 billion breached accounts into HIBP.” At the date of his blog post, HIBP hosted 2.7 billion breached accounts from numerous breaches. “There’s a lot more there now,” he explained, referring to a massive number of breached accounts—currently for sale as anti-public username lists.
On Hansa marketplace, some of the major vendors—DoubleFlag, for instance—sat on the back-burner as two relatively unknown vendors made headlines. “Wildfruit2” and “DBworld.” Both vendors listed nearly identical products on the darknet marketplace known as Hansa. One, Dbworld, advertises 457,962,538 username and cleartext passwords from users that shared passwords across multiple websites, often those with details already compromised in previous database attacks.
The HaveIbeenpwned creator explained the process of credential stuffing, a technique used with these anti-public listings:
“Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.”
Dbworld listed their 457,962,538 accounts for $249, as of May 10. The entity, while less established than DoubleFlag or TheDarkOverlord, sold a surprising number of accounts. Accounts from all sorts of industries. And although anti-public listings involve informant from a random conglomeration of hacked databases, DBworld’s collection potentially points out the specific one(s). Unfortunately, that matters very little; the “Ultimate Leak Pack | 4,074,055,658 records | 1081 databases | Last updated: 10th May” contains many too many records to read.
The listing includes a list of beaches databases that, indeed, took several minutes to read through. Most are recognizable add breaches that DeepDotWeb reported in the past. The Bitcoin forums or the uTorrent forum breach, for example.
The second vendor, wildfruit2, listed 457,962,538 account combo lists on the same darknet market—for $230. Only Minimally less. Both vendors uploaded and sold the same product and it only took someone a few hours to buy data from one of the hackers. The buyer then, to the dismay of many and the delight or few, uploaded 17 gigabytes of uncompressed text data to a publically accessible website. There, the data can easily be confirmed beyond the confirmations provided by Hunt. (Not that there is any need to do so.)
HackRead, not unknown for their keen eye when reporting darknet data breaches, pointed out that “the nightmare doesn’t end [there].” Wildfruit2 is also actively selling 800 million Exploit.in accounts in the form of a cleartext username + password. combination. This brings Wildfruit2’s total accounts to 1,257,962,538.
TheBitcoinNews.com – Bitcoin News source since June 2011 –
Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. TheBitcoinNews.com holds several Cryptocurrencies, and this information does NOT constitute investment advice or an offer to invest.
Everything on this website can be seen as Advertisment and most comes from Press Releases, TheBitcoinNews.com is is not responsible for any of the content of or from external sites and feeds. Sponsored posts are always flagged as this, guest posts, guest articles and PRs are most time but NOT always flagged as this. Expert opinions and Price predictions are not supported by us and comes up from 3th part websites.
Advertise with us : Advertise
Our Social Networks: Facebook Instagram Pinterest Reddit Telegram Twitter Youtube