Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service.
The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware.
Credential stuffing lists are collections of login name and password pairs stolen from previous data breaches that are used to breach accounts on other sites.
Information-stealing malware attempts to steal a wide variety of data from an infected computer, including credentials saved in browsers, VPN clients, and FTP clients.
Regardless of how the credentials are stolen, they are then used to breach accounts owned by the victim, sold to other threat actors on cybercrime marketplaces, or released for free on hacker forums to gain reputation amongst the hacking community.
The Naz.API is a dataset allegedly containing over 1 billion lines of stolen credentials compiled from credential stuffing lists and from information-stealing malware logs.
This dataset has been floating around the data breach community for quite a while but rose to notoriety after it was used to fuel an open-source intelligence platform called illicit.
This service allows visitors to search a database of stolen information, including names, phone numbers, email addresses, and other personal data.
Services use data from various sources, but one of its largest sources of data came from the Naz.API dataset, which was shared privately among a small number of people.
Each line in the Naz.API data consists of a login URL, its login name, and an associated password stolen from a person's device, as shown below.
Naz.API added to HIBP. Today, Troy Hunt, the creator of Have I Been Pwned, announced he added the Naz.API dataset to his data breach notification service after he received it from a well-known tech company.
According to Hunt, the Naz.API dataset consists of 319 files totaling 104GB and containing 70,840,771 unique email addresses.
While there are close to 71 million unique emails, for each email address, there are likely many other records for the different sites' credentials were stolen from.
Hunt says the Naz.API data is likely old, as it contained one of his and other HIBP subscribers' passwords that were used in the past.
Hunt says his password was used in 2011, meaning that some of the data is over 13 years old.
To check if your credentials are in the Naz.API dataset, you can perform a search at Have I Been Pwned.
If your email is found to be associated with Naz.API, the site will warn you, indicating that your computer was infected with information-stealing malware at one point.
Even if HIBP warns you that your email was in the Naz.API, it does not tell you for what specific website credentials were stolen.
Google: Malware abusing API is standard token theft, not an API issue.
23andMe updates user agreement to prevent data breach lawsuits.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 17 Jan 2024 22:10:10 +0000