Millions of passwords exposed in dark web

With over 700 million records, this is one of the largest troves of stolen information ever found

Ethical hacking and network security experts from the International Institute of Cyber Security reported the finding of a gigantic database with more than 700 million email addresses in one of the most popular hacking forums on the dark web, implying that cybercriminals hold one of the largest banks of stolen information ever known.

The database totals 87 GB, organized into 12k separate folders within a root folder called ‘Collection #1’. It was first identified on the Mega cloud storage service, from which it was subsequently removed, and it ended up in a dark web forum.

Troy Hunt, a network security expert, analyzed the database and found that it contains about one billion unique combinations of email addresses and passwords. After a cleanup process, about 773 million unique email addresses remained, the largest collection of stolen email addresses ever recorded in Have I Been Pwned, the site managed by Hunt.

In addition, Hunt mentioned that they found 21 million unique passwords in the database: “We found this information after implementing multiple cleanup processes, discarding passwords that were still in the form of hashes, strings, control characters and SQL statement snippets,” the expert mentioned.

Some files corresponding to other data breach incidents were included in this database, although researchers also found previously unrecorded information. Network security experts agree that this information circulated widely through various forums before Hunt discovered it.

“Obviously the huge amount of leaked data represents a greater number of people possibly affected,” Hunt said. “The more information the cybercriminals have available, the more likely they will be to succeed in their malicious campaigns.”

According to researchers, the compromised information could be used primarily for credential stuffing attacks, which consist of using automated scripts to test thousands of username/password combinations on a website. These attacks are often successful against users who use the same access credentials for different services.
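From the defender's side, credential stuffing leaves a recognizable trace in login logs: one source tries many different usernames in a short time and almost all attempts fail. The following detection sketch is an added example, not part of the original report; the log format, the thresholds and the function name `detect_stuffing` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 alice FAIL
2024-01-01T10:00:02 203.0.113.7 bob FAIL
2024-01-01T10:00:03 203.0.113.7 carol FAIL
2024-01-01T10:00:04 203.0.113.7 dave FAIL
2024-01-01T10:00:05 203.0.113.7 erin FAIL
2024-01-01T10:00:06 203.0.113.7 frank OK
2024-01-01T10:00:07 203.0.113.7 grace FAIL
2024-01-01T10:00:10 198.51.100.20 heidi FAIL
2024-01-01T10:00:25 198.51.100.20 heidi FAIL
2024-01-01T10:00:40 198.51.100.20 heidi OK
2024-01-01T10:01:00 192.0.2.10 ivan OK
2024-01-01T10:01:05 192.0.2.10 judy OK
2024-01-01T10:01:10 192.0.2.10 mallory FAIL
2024-01-01T10:01:15 192.0.2.10 niaj OK
2024-01-01T10:01:20 192.0.2.10 olivia OK
""".splitlines()


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Return {ip: {"usernames", "compromised"}} for sources that try many
    distinct usernames in a short window with mostly failed logins."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, result = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), user, result == "OK"))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the burst fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            users = {u for _, u, _ in burst}
            fails = sum(1 for _, _, ok in burst if not ok)
            if len(users) >= min_users and fails / len(burst) >= min_fail_ratio:
                hit = findings.setdefault(ip, {"usernames": set(), "compromised": set()})
                hit["usernames"] |= users
                # A success inside a stuffing burst means a reused password worked.
                hit["compromised"] |= {u for _, u, ok in burst if ok}
    return findings
```

On the sample, only 203.0.113.7 is flagged: the user retrying a single account and the shared office address with mostly successful logins stay below the thresholds. The account that logged in successfully during the burst is the one to force a password reset on.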

“Massive data breaches, as in the ‘Collection #1’ case, increase the traffic of bots on the login screens of multiple websites, because the hackers ride through enormous lists of stolen passwords,” mentions network security expert Ramid Essaid. “Any person or organization that uses login pages could become the next victim of a data breach.”
