Car Hacking: More likely to be done by a mechanic than by a hacker
infosec

Car Hacking: More likely to be done by a mechanic than by a hacker

When we talk about car hacking, it comes to mind a hacker who gets remote access to the car system ...
Read More
infosec

Sri Lanka: Blocks access to social media

The government of Sri Lanka has temporarily blocked access to various social media services following deadly explosions that erupted ...
Read More
infosec tweaks

How to hack networks with Wi-Fi passwords

Probably you have a Wi-Fi network in your home or stay close to one (or more) that appears in ...
Read More
infosec tweaks

What is Social Engineering, what are its techniques and how to protect yourself?

Social Engineering is the term used for a wide range of malicious activities that are accomplished through human interactions. Uses the ...
Read More
infosec tweaks

Cryptocurrency: Ways to Enhance Your Privacy

Privacy and privacy on the internet are of great importance. It is not enough to take one or two measures to protect ...
Read More
Latest Posts

Credential stuffing: Found database with 42 million email

A huge unencrypted database containing email addresses and passwords, as well as some credit card details, was found in a free hosting service. The service manager sent a copy of the base to Troy Hunt, a security researcher and creator Have I been pwned?, in order to compare it with the existing data and to determine whether it was a new data breach. It is believed to be intended for Credential stuffing attack.

Credential stuffing email

Researcher Troy, judging from the configuration of the file, believes this is a list that has been gathered from previous violations. The most likely reason the base is created is credential stuffing.

Credential stuffing is a type of attack where login (typically usernames and passwords) from previous violations are tested by automated programs against different services. For example, by testing the database that leaked 2016 from Dailymotion to google, it's credential stuffing. Since many users are using the same combination of email and password in more than one online account, many accounts are violated via credential stuffing.

Troy, through a yesterday's own publication, said he analyzed the base and concluded that 93% of addresses already existed at its base Have I been pwnd. However, the remaining 7% that did not exist corresponds to more than 2.5 million user combinations.

Also, following Troy's attempt to understand where this base came from, he did not come to any conclusion as there is no specific pattern. The addresses appear to have been drawn in random order.

Cybercriminals exchange databases with login credentials on a daily basis. So when a combination is leaked, it is likely to be found in many different hands. For this reason, it is recommended to use large and complex access codes, but it is more important to use a different one Password in every online service.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *