A huge unencrypted database containing email addresses and passwords, as well as some credit card details, was found in a free hosting service. The service manager sent a copy of the base to Troy Hunt, a security researcher and creator Have I been pwned?, in order to compare it with the existing data and to determine whether it was a new data breach. It is believed to be intended for Credential stuffing attack.
Researcher Troy, judging from the configuration of the file, believes this is a list that has been gathered from previous violations. The most likely reason the base is created is credential stuffing.
Credential stuffing is a type of attack where login (typically usernames and passwords) from previous violations are tested by automated programs against different services. For example, by testing the database that leaked 2016 from Dailymotion to google, it's credential stuffing. Since many users are using the same combination of email and password in more than one online account, many accounts are violated via credential stuffing.
Troy, through a yesterday's own publication, said he analyzed the base and concluded that 93% of addresses already existed at its base Have I been pwnd. However, the remaining 7% that did not exist corresponds to more than 2.5 million user combinations.
Also, following Troy's attempt to understand where this base came from, he did not come to any conclusion as there is no specific pattern. The addresses appear to have been drawn in random order.
Cybercriminals exchange databases with login credentials on a daily basis. So when a combination is leaked, it is likely to be found in many different hands. For this reason, it is recommended to use large and complex access codes, but it is more important to use a different one Password in every online service.