Have I Been Pwned adds 284M Accounts Stolen By Infostealer Malware

Summary:
The Have I Been Pwned (HIBP) service has added over 284 million accounts that were stolen by information-stealer malware and found on a Telegram channel. HIBP founder Troy Hunt identified 284,132,969 compromised email addresses while processing 1.5TB of stealer logs, likely aggregated from many sources, that were shared on the "ALIEN TXTBASE" Telegram channel. The raw data comprises 23 billion rows, which reduce to 493 million unique website and email address pairs across those 284 million unique email addresses. Separately, 244 million previously unseen passwords were added to Pwned Passwords, and the prevalence counts of another 199 million passwords already in that corpus were updated. The data likely mixes fresh infostealer captures with older credentials recycled from earlier data breaches and credential-stuffing lists, so not every entry reflects a currently infected machine.

Security Officer Comments:
Infostealer campaigns have been the starting point for numerous high-profile data breaches: the harvested credentials are sold on and then used to log in to organizational networks and systems as the legitimate user. Because a stealer captures credentials as the victim types them into the browser, together with the URL they were entered on (which is why this dataset is a set of website and email address pairs), a strong and unique password offers no protection once the endpoint is infected; only multi-factor authentication and a clean endpoint do. A prevalent distribution method is malicious websites that advertise fake downloads of widely used applications, so that users install the malware believing it to be legitimate software. Users should therefore verify the authenticity of a site before downloading anything, obtain software only from the vendor or other trusted sources, and run security tools such as antivirus software and firewalls that can detect and block such threats.

Suggested Corrections:
HIBP has introduced two new APIs, available to domain owners and website operators on a monthly subscription, that let them query the newly added stealer logs by email domain or by website domain. The first allows a verified domain owner to retrieve every email alias on their domain that appears in the logs, together with the website domains against which each alias's credentials were captured. The second allows a website operator (Hunt's example is Netflix) to retrieve the email addresses whose credentials were captured as users entered them on that operator's own site. Together, the APIs let organizations identify accounts whose passwords must be treated as known to attackers and act before those credentials are used in credential-stuffing attacks, by forcing password resets or requiring multi-factor authentication on the affected accounts.
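The following script is an added example of how a domain owner might consume the first of those APIs and turn the result into per-account actions; it is not HIBP's code. It assumes the endpoint path `/api/v3/stealerlogsbyemaildomain/{domain}` and the `hibp-api-key` header as documented for the HIBP v3 API (verify both, and the subscription tier required, against the current documentation), and assumes the response is a JSON object mapping each email alias to the list of website domains it appeared against. The domain `example.com`, the "internal sites" set and the `SAMPLE_RESPONSE` data are constructed for illustration so that the script runs offline.

```python
"""Triage HIBP stealer-log results for one email domain (added example).

Assumptions (not from the original page): endpoint path, header name and
response shape follow the HIBP v3 API docs as understood here; the sample
response below is constructed and is not real data.
"""
import io
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Set

HIBP_BASE = "https://haveibeenpwned.com/api/v3"  # assumption: check the docs

# Constructed sample in the assumed response shape: alias -> website domains.
SAMPLE_RESPONSE: Dict[str, List[str]] = {
    "alice": ["netflix.com", "sso.example.com"],
    "bob": ["github.com"],
    "carol": ["example.com", "slack.com", "GitHub.com"],
}


def fetch_stealer_logs_by_email_domain(
    domain: str, api_key: str, user_agent: str, opener: Optional[Callable] = None
) -> Dict[str, List[str]]:
    """Return {alias: [website domains]} for a verified email domain.

    HIBP answers HTTP 404 when there is nothing for the domain, so that is
    mapped to an empty result; any other HTTP error (401 bad key, 429 rate
    limited) is raised to the caller. `opener` lets tests inject a fake.
    """
    url = f"{HIBP_BASE}/stealerlogsbyemaildomain/{domain}"
    req = urllib.request.Request(
        url, headers={"hibp-api-key": api_key, "user-agent": user_agent}
    )
    opener = opener or urllib.request.urlopen
    try:
        with opener(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return {}
        raise


def offline_opener(payload: Dict[str, List[str]]) -> Callable:
    """Build an opener that serves a canned JSON body (offline runs and tests)."""
    def _open(_req):
        return io.BytesIO(json.dumps(payload).encode("utf-8"))
    return _open


def plan_remediation(
    domain: str,
    aliases_to_sites: Dict[str, List[str]],
    mfa_enrolled: Set[str],
    internal_sites: Set[str],
) -> List[Dict[str, object]]:
    """Map every exposed mailbox to concrete actions.

    A stealer log records whatever the user typed on an infected machine,
    and people reuse passwords, so every exposed user gets a reset even if
    the capture was against a third-party site. A capture against one of
    the organisation's own sites (e.g. the SSO portal) is treated as a live
    account compromise and additionally gets session revocation.
    """
    plan: List[Dict[str, object]] = []
    for alias in sorted(aliases_to_sites):
        email = f"{alias}@{domain}".lower()
        sites = sorted({s.lower() for s in aliases_to_sites[alias]})
        actions = ["force_password_reset"]
        hit_internal = any(s in internal_sites for s in sites)
        if hit_internal:
            actions.append("revoke_sessions")
        if email not in mfa_enrolled:
            actions.append("require_mfa_enrollment")
        plan.append({
            "email": email,
            "sites": sites,
            "severity": "high" if hit_internal else "medium",
            "actions": actions,
        })
    return plan


def tally_by_site(aliases_to_sites: Dict[str, List[str]]) -> Dict[str, int]:
    """Count how many distinct aliases were captured against each site."""
    counts: Dict[str, int] = {}
    for sites in aliases_to_sites.values():
        for site in {s.lower() for s in sites}:
            counts[site] = counts.get(site, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


if __name__ == "__main__":
    # Offline run against the constructed sample; swap in a real API key
    # and drop `opener=` to query HIBP.
    result = fetch_stealer_logs_by_email_domain(
        "example.com", "not-a-real-key", "example-triage/1.0",
        opener=offline_opener(SAMPLE_RESPONSE),
    )
    print(json.dumps(tally_by_site(result), indent=2))
    for entry in plan_remediation(
        "example.com", result, {"alice@example.com"},
        {"sso.example.com", "example.com"},
    ):
        print(json.dumps(entry))
```

The output of `plan_remediation` is what would be handed to the identity provider: a reset for everyone, session revocation where the capture was against an internal site, and MFA enrolment for anyone not already enrolled. Site domains are lower-cased before comparison because stealer logs are not consistently normalised.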

For more information, please refer to the blog post by Hunt below:

https://www.troyhunt.com/processing-23-billion-rows-of-alien-txtbase-stealer-logs/

Link(s):
https://www.bleepingcomputer.com/ne...-284m-accounts-stolen-by-infostealer-malware/