Nearly 71 million login credentials for Facebook, Roblox, eBay, and Yahoo have been available online in recent months.

The data breach was immediately added to the website Have I Been Pwned (HIBP). The millions of login credentials were published on an underground marketplace that trades stolen credentials. Not every security researcher pays much attention to such credential dumps, because they often involve repackaging previously leaked passwords. The newly discovered leak, however, involves millions of unique login credentials.

Passwords

According to Troy Hunt of HIBP, the login credentials were obtained via stealer logs. “In other words, malware that has grabbed credentials from compromised machines. Apparently, this was sourced from the now defunct illicit.services website which (in)famously provided search results for other people’s data,” Hunt said. The passwords in this case were leaked in plain text.

About 25 million passwords had never been leaked before. Hunt discovered this through a striking statistic: 65.03 per cent of the addresses, based on a sample, could already be found in HIBP. “When a third of the email addresses have never been seen before, that’s statistically significant. This isn’t just the usual collection of repurposed lists wrapped up with a brand-new bow on it and passed off as the next big thing; it’s a significant volume of new data,” Hunt concludes.

An image of a sample that Hunt shared shows that the data includes login credentials for popular services, including Facebook, eBay and Yahoo. Below is the image of the sample.

A screenshot of a web page with a list of emails.
