Website Operator Search: Enables service providers like Netflix to fetch all email addresses exposed in stealer logs when users enter credentials into their domains, returning arrays like [“[email protected]”]. HIBP founder Troy Hunt collaborated with international government agencies to acquire the 744-file corpus, which contained 23 billion raw entries of credentials extracted from victims’ machines. Domain-Centric Stealer Log Search: Allows domain administrators to retrieve all email aliases (e.g., john@ in [email protected]) and associated website domains (e.g., netflix.com) from their DNS-controlled domains. Have I Been Pwned (HIBP) has incorporated 284 million email addresses compromised by information-stealer malware into its breach notification service. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Hunt validated geographic consistency by testing entries against localized authentication endpoints, confirming both account existence and the malware’s accuracy in capturing login contexts. This update expands HIBP’s repository to include 493 million unique website-email pairs and introduces critical tools for organizations to combat credential-based attacks. The service now contains over 13 billion compromised credentials, with 10 billion API monthly requests informing password policies globally. The service now processes 10,000 new compromised accounts/minute from ongoing malware operations, underscoring the relentless growth of credential-based threats. As Hunt noted, this corpus is “just one of many channels,” but its inclusion marks a pivotal step in democratizing access to malware intelligence. Kaaviya is a Security Editor and fellow reporter with Cyber Security News.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 26 Feb 2025 07:55:15 +0000