Have-I-Been-Pwned project now also records Infostealer data

So far, Have I Been Pwned has drawn on data from specific data leaks. Now data collected by infostealers is being added as well.


The Have-I-Been-Pwned Project (HIBP) has so far only added data from known data leaks and intrusions at organizations to its database and informed interested parties about it. Now, data collected by infostealers is also being added on a large scale.

In a blog post, project owner Troy Hunt explains that this is a significant change. Anyone searching for their email address on HIBP has so far received feedback on which known data leak the information appeared in. Hunt has previously integrated data from infostealers, but there was frustration among those affected, who could not make sense of the message “address appeared in Infostealer logs”.

Infostealers are malware that infects the computers of those affected. Troy Hunt gives the example of downloading and executing supposed software cracks and game cheats that bring such malware with them.


An infostealer, however, logs data for all kinds of services used on the infected computer. As an experimental function, interested parties can now receive notifications at their email address. In addition, companies that own the domains can receive the information via an API after confirming ownership of a domain, for example to reset the passwords of apparently compromised accounts. In the future, Hunt wants to test whether HIBP can also send information to domain owners so that they can reset newly identified compromised accounts.

However, the direct address search on HIBP should not return this information from infostealers. The reason for this is as simple as it is plausible: when entering any email address, compromising information that undermines privacy could otherwise reach unauthorized people. As an example, Hunt cites the fact that the infostealer data contains dozens of domains with the words “porn”, “adult” or “xxx”. And he was only looking for the domain of a well-known Fortune 500 company.

In January, Troy Hunt added well over 71 million new data records from infostealers to the HIBP project. Hunt is thus launching the new experimental functions described above. In addition, 106 million new passwords were extracted from the infostealer data. A search form on HIBP allows passwords to be checked to see whether they have appeared in data leaks.

In mid-December, Hunt added the 50,000 data records copied from the electricity provider Tibber to the Have-I-Been-Pwned data pool.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.