Search This Blog

42 Million Emails And Passwords Uploaded To A Free, Public Hosting Service

Files with 42 million emails and passwords found on free hosting service

A database comprising of a collection of a total number of 42 million records was uploaded on an anonymous file hosting service recently. The collection included unique email addresses and plain text passwords alongside partial credit card data.

Troy Hunt, Australian security researcher and creator of the Have I Been Pwned data breach index site, was requested to analyze and check whether it was the aftereffect of an obscure data breach. He could determine that more than 91% of the passwords in the dataset were at that point already accessible in the Have I Been Pwned collection and that the filenames in the said collection don't point to a specific source in light of the fact that there is no single example for the breaches they showed up in.

In light of the format of the data, the list are in all probability expected for credential stuffing attacks, which consolidate into a single list cracked passwords and email addresses and run them consequently against different online services to hijack the user accounts that match them.

Sample of data from lists sent to Hunt

The reason for the utilization of the credential stuffing attacks lies behind the fact that these attacks, while exploiting the users, for convenience are probably going to reuse those credentials on various other sites.

"When I pulled the email addresses out of the file, I found almost 42M unique values. I took a sample set and found about 89% of them were already in HIBP which meant there was a significant amount of data I've never seen before.” Hunter wrote on a blog post.

The database contained an overall of 755 documents totalling 1.8GB.

Users are constantly encouraged though to utilize solid as well as diverse passwords for various accounts. Continuously empower multifaceted validation.

Share it:

Credential Stuffing Attacks

Data Breach