CyberSecurityBoard
Sponsor Register Login

70 million account credentials were leaked in a massive password dump

A security researcher has unearthed what appears to be one of the biggest password dumps ever.
Over 70 million unique credentials have been leaked on the dark web.
ADVERTISEMENT. The news came to light when Troy Hunt, the owner of the popular breach notification service, Have I Been Pwned, wrote about the massive data leak on his blog.
427,308 individual Have I Been Pwned subscribers were affected by the leak.
The number 65% is critical here, as it means that the other 35% or one-third of the credentials in the leaked list have never been seen before.
Hunt's article, which was spotted by Ars Technica, goes into extensive detail about the credential leak.
The credential list on the hacking site listed several usernames along with their passwords, and the website they belonged to, suggesting that the credentials were obtained using password stealers and similar malware.
The screenshot here is a small example of the data that was leaked in the credential stuffing list.
The actual list has 312 million rows of email addresses and passwords, that's scary, but to be fair, the passwords seen above aren't strong.
In order to verify whether the leaked credentials were legit, Hunt reached out to some HIBP subscribers, and asked them to verify if their data was accurate.
Some of them reported that the leaked usernames and passwords were real, and that they were used in 2020 or 2021.
While password stealer logs and password stuffing lists were involved in the data leak, Hunt mentions that not all the credentials were sourced in the same manner.
His own email address was leaked with a password that had not been used for a decade, and it was not accompanied by a website to suggest it was stolen by malware.
Have I Been Pwned offers an option that will notify you when your email gets leaked, all you need to do is enter your email address and let the service do the rest.
You can check out Firefox Monitor which does the same thing, but uses k-Anonymity to protects your email by hashing the data before sending it to HIBP. Firefox Monitor uses HIBP as the source to keep an eye on data breaches and leaks, to monitor whether your email address has appeared in a known breach.
Don't sweat it if your email address ever gets leaked publicly, it doesn't mean you need to stop using it.
All you need to do is reset the password of the account, and protect it by enabling two-factor authentication.
Use a password manager like KeePass or Bitwarden to generate strong, unique passwords for your accounts.
70 million account credentials were leaked in a massive password dump.
A massive password dump dubbed the Naz.API list has been discovered on the dark web.


This Cyber News was published on www.ghacks.net. Publication date: Thu, 18 Jan 2024 17:13:04 +0000


Cyber News related to 70 million account credentials were leaked in a massive password dump

70 million account credentials were leaked in a massive password dump - A security researcher has unearthed what appears to be one of the biggest password dumps ever. Over 70 million unique credentials have been leaked on the dark web. ADVERTISEMENT. The news came to light when Troy Hunt, the owner of the popular breach ...
5 months ago Ghacks.net
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets - Infostealers infect computers, steal all of the credentials saved in the browser along with active session cookies and other data, then export it back to command and control infrastructure before, in some cases, self-terminating. This article will ...
5 months ago Bleepingcomputer.com
361 million stolen accounts leaked on Telegram added to HIBP - A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check ...
1 week ago Bleepingcomputer.com
Alleged ShinyHunters Hacker Pleads Not Guilty After US Extradition - The ShinyHunters group is known for some of the largest data breaches in 2021-2022, in which the personal data of hundreds of millions of users was leaked on the now-seized Raidforums. In July 2022, HackRead.com reported on Sebastian Raoult, an ...
1 year ago Hackread.com
23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
6 months ago Packetstormsecurity.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
1 month ago Cyberdefensemagazine.com
AT&T says leaked data of 70 million people is not from its systems - AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to ...
3 months ago Bleepingcomputer.com
Over 12 million auth secrets and keys leaked on GitHub in 2023 - GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. The exposed secrets include account passwords, API keys, ...
3 months ago Bleepingcomputer.com
6 Best Enterprise Password Managers for 2024 Rated - Password managers are security tools that store, manage, and share authorization credentials safely for individual users and groups. In this article, I evaluate the top password managers and their ability to deliver and support solutions for ...
3 months ago Esecurityplanet.com
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
6 months ago Bleepingcomputer.com
Best of 2023: Combo Lists & the Dark Web: Understanding Leaked Credentials - In today's interconnected, cloud-based world, user credentials are the keys that grant entry to the house that stores an organization's digital treasure. Just as burglars pick the lock on a physical house, cybercriminals use stolen credentials to ...
6 months ago Securityboulevard.com
Microsoft clamps down on Windows 11 users who want local accounts - The first twist concerns an online support page that deals with Windows user accounts. In versions of the page before last week, Microsoft included steps on how to switch from a Microsoft account to a local account. Specifically, a version of the ...
6 days ago Zdnet.com
Securden Password Vault Review 2024: Security, Pros & Cons - Securden Password Vault is a password management solution geared towards supervising multiple accounts and sensitive login credentials. Yes, Securden Password Vault can be accessed for free. If you're looking for an enterprise-level password solution ...
4 months ago Techrepublic.com
I tried two passwordless password managers, and was seriously impressed by one - Password management apps have been around for decades. There's 1Password, for example, which promises that you'll only need to remember one password instead of dozens or hundreds. Also: Why you can still trust password managers, even after that ...
6 months ago Zdnet.com
LastPass breach linked to theft of $4.4 million in crypto - Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. The news comes ...
7 months ago Bleepingcomputer.com
Understand the pros and cons of enterprise password managers - To counter these threats, corporate IT security teams are turning to business-grade password managers to help centralize and streamline password and credential management. A password manager is a credential vault that gives IT teams a unified digital ...
4 months ago Techtarget.com
Misconfigured Firebase Instances Expose 125 Million User Records - Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple ...
3 months ago Securityweek.com
Locking Down ChatGPT: A User's Guide to Strengthening Account Security - OpenAI officials said that the user who reported his ChatGPT history was a victim of a compromised ChatGPT account, which resulted in the unauthorized logins. OpenAI has confirmed that the unauthorized logins originate from Sri Lanka, according to an ...
4 months ago Cysecurity.news
CyberCrime & Doing Time: Classic Baggie: Part Three - He claimed he was selected as an independent contractor to rebuild a fleet of airplanes for KLM Royal Dutch Airlines, who had wired him $3.5 Million Euros into his Swiss bank account at Neue Privat Bank. His attorney, Phillip Richardson, said that he ...
5 months ago Garwarner.blogspot.com
Insomniac Game Studio Hacked, Wolverine Project Leaked In Breach - Insomniac, one of the most successful video game makers in the world, was recently the victim of a massive hack ... and parts of the highly anticipated Wolverine game were among the troves of material leaked in the breach. According to multiple ...
6 months ago Tmz.com
What Can Go Wrong with Bank Online Account Opening? - Online account opening is one of the most crucial functions for banks today. They pull out their driver's license and show it to the camera on the phone or on the PC. The bank checks some data and vets the driver's license and a new account is ...
6 months ago Securityboulevard.com
China's MIIT Proposes Color-coded Contingency Plan for Security Incidents - On Friday, China proposed a four-tier classification system, in an effort to address data security incidents, underscoring concerns of Beijing in regards to the widespread data leaks and hacking incidents in the country. This emergency plan comes ...
6 months ago Cysecurity.news
Have I Been Pwned adds 71 million emails from Naz.API stolen account list - Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. The Naz.API dataset is a massive collection of 1 billion credentials compiled using ...
5 months ago Bleepingcomputer.com
BidenCash darkweb market gives 1.9 million credit cards for free - The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals. BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling ...
6 months ago Bleepingcomputer.com
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
7 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)