People simply don't care to better protect their online identities and undervalue their worth to hackers. I became curious to know (realistically) how many online accounts an attacker would be able to compromise from a single data breach, so I began to scour the open internet for leaked databases.
As I mentioned, this dataset was leaked from a small, unknown gaming website. Selling these gaming accounts would produce very little value to a hacker. The value is in how often these users reused their username, email, and password across other popular websites.
All of the usernames were redacted, but we can see 246 Reddit, Microsoft, Foursquare, Wunderlist, and Scribd accounts were reported as having the same exact username:password combinations as the small gaming website dataset.
After running the Shard command, a total of 219 Twitter, Facebook, BitBucket, and Kijiji accounts were reported as using the same exact username:password combinations. Interestingly, there were no Reddit detections this time.
The Shard results determined that 166 BitBucket accounts were compromised using this password-reuse attack, which is inconsistent with Credmap's BitBucket detection of 111 accounts. Neither Credmap nor Shard has been updated since 2016, and I suspect the BitBucket results are mostly (if not entirely) false positives. It's possible BitBucket has altered its login parameters since 2016 and thrown off Credmap's and Shard's ability to detect a verified login attempt.
In total (omitting the BitBucket data), the compromised accounts consisted of 61 from Twitter, 52 from Reddit, 17 from Facebook, 29 from Scribd, 23 from Microsoft, and a handful from Foursquare, Wunderlist, and Kijiji. That is roughly 200 online accounts compromised as a result of a small data breach in 2017.
If the Credmap and Shard detections were updated, and if I had dedicated more time to crack the remaining 57% of hashes, the results would be higher. With very little effort and time, an attacker is capable of compromising hundreds of online accounts using just a small data breach consisting of 1,100 email addresses and hashed passwords.