Have I Been Pwned: 183 Million Credentials Stolen by Infostealers Added

"Have I Been Pwned" collects published credentials. Now, 183 million accounts stolen by infostealers have been added.


The Have-I-Been-Pwned project (HIBP) is now 183 million stolen credentials richer. Operator Troy Hunt has added credentials exfiltrated by infostealers, collected by the company Synthient, to the already massive data collection.

Infostealers are Trojans installed on victims' computers or smartphones. They often arrive because the owner installed supposedly cracked software, or because malware got in through security vulnerabilities in the software in use. They eavesdrop when victims log into services and send the captured credentials to their command-and-control servers. The data then often ends up in publicly accessible cloud storage or in Telegram channels, where other criminals collect and reassemble it, and compare and merge it with data from older leaks.

Synthient collected such data, and Have-I-Been-Pwned operator Troy Hunt has now received the Synthient collection from April of this year. After cleaning up (Hunt explicitly mentions "normalizing" and deduplicating in the announcement), 183 million unique credentials remained from the billions of entries. Each includes the website where the credentials were entered, as well as the username and password.

The dataset is now searchable via the HIBP website. E-mail addresses, passwords, domains, and the website where credentials were entered are available as search criteria.


Until the beginning of this year, the HIBP project had only collected data from known data leaks or organizational breaches in its database. Since then, however, Troy Hunt has also begun to process and add publicly surfaced data stolen by infostealers.

However, a direct address search is not intended to return such infostealer data: since the websites where the credentials were entered are also included, the victims' privacy could otherwise be compromised. Hunt cited as an example that the infostealer data includes domains containing words like "Porn", "Adult", or "xxx". Interested parties can instead have the information sent to their e-mail address, which requires registering for HIBP's "Notify Me" service.
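To make the cleaning step and the search design described above concrete, here is an added example (not HIBP's or Synthient's code, and not from the article) that normalizes and deduplicates a handful of constructed stealer-log-style records, then exposes the search criteria the article lists. It also mirrors the privacy split: a direct address lookup returns only a count, while the per-site report is reserved for a separate, owner-only channel. The record layout, the normalization rules and all sample values are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample records in the shape the article describes:
# (website where the credentials were entered, username, password).
# Deliberately contains case/whitespace/URL variants of the same credential.
RAW_RECORDS = [
    ("https://Shop.Example.com/login", "Alice@Example.com", "hunter2"),
    ("https://shop.example.com/login?next=/cart", "alice@example.com ", "hunter2"),
    ("shop.example.com", "alice@example.com", "hunter2"),
    ("https://mail.example.org/", "bob@example.org", "S3cret!"),
    ("https://mail.example.org/", "bob@example.org", "S3cret!"),
    ("https://forum.example.net/signin", "carol", "pa55word"),
    ("https://mail.example.org/", "bob@example.org", "newpass"),  # same account, second password
]


def normalize_site(url):
    """Reduce a captured URL to its lowercase hostname (scheme, path, query dropped)."""
    url = url.strip()
    if "://" not in url:          # bare hostnames are common in stealer logs
        url = "//" + url
    return urlsplit(url).hostname or ""


def normalize_username(user):
    """Trim whitespace; treat e-mail addresses case-insensitively (assumed policy)."""
    user = user.strip()
    return user.lower() if "@" in user else user


def normalize_records(records):
    """Normalize every record and drop exact duplicates, preserving first-seen order.
    Passwords are kept verbatim because they are case-sensitive."""
    seen = set()
    cleaned = []
    for url, user, password in records:
        key = (normalize_site(url), normalize_username(user), password)
        if key not in seen:
            seen.add(key)
            cleaned.append(key)
    return cleaned


# --- search criteria named in the article: e-mail address, domain, website ---

def direct_lookup_count(cleaned, email):
    """Public address search: says how many records match, never where they came from."""
    email = normalize_username(email)
    return sum(1 for _, user, _ in cleaned if user == email)


def sites_for_email(cleaned, email):
    """Owner-only ('Notify Me' style) report: every site where the address appeared."""
    email = normalize_username(email)
    return sorted({site for site, user, _ in cleaned if user == email})


def accounts_for_domain(cleaned, domain):
    """Domain search: which addresses at a mail domain appear in the data."""
    domain = domain.strip().lower()
    return sorted({user for _, user, _ in cleaned if user.endswith("@" + domain)})


def accounts_on_site(cleaned, site):
    """Website search: which usernames were captured logging into a given site."""
    site = normalize_site(site)
    return sorted({user for s, user, _ in cleaned if s == site})


if __name__ == "__main__":
    cleaned = normalize_records(RAW_RECORDS)
    print(f"{len(RAW_RECORDS)} raw records -> {len(cleaned)} unique credentials")
    print("direct lookup alice@example.com:", direct_lookup_count(cleaned, "alice@example.com"))
    print("owner report bob@example.org:", sites_for_email(cleaned, "bob@example.org"))
    print("domain example.org:", accounts_for_domain(cleaned, "example.org"))
    print("site shop.example.com:", accounts_on_site(cleaned, "shop.example.com"))
```

The important design point is that `direct_lookup_count` and `sites_for_email` read the same cleaned data but return different amounts of it; keeping the site list out of the public lookup is what prevents an arbitrary searcher from learning which services a victim uses.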

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.