This massive stolen account list, with a list of 1 billion credentials, was compiled via credential stuffing lists and data stolen through the use of information-stealing malware. Read more for more details about the stolen account lists. Credential stuffing is a type of cyberattack in which credentials that have been previously obtained from a data breach are used to attempt to log into other services/systems.
The Naz.API dataset allegedly contains over 1 billion lines of stolen credentials. This dataset garnered attention after it was used as part of an open-source intelligence (OSINT) platform called illicit.services, although the data list has been shared around the data breach community for a while. Illicit.services allows one to search for stolen information, which includes victims’ names, phone numbers, email addresses, and other personal data. Fortunately, the service was shut down in July 2023 due to concerns for cyberattacks such as Doxxing and SIM-swapping attacks. However, the service was once again made available in September. From a screenshot of the dataset, each line consists of a login URL, login name, and an associated stolen password. Understanding the Risks
Stolen Dataset Added to HIBP On 17 January 2024, it was announced that Naz.API dataset was added to Have I Been Pwned, a data breach notification service, after they received the data list from a well-known tech company. According to them, the dataset consists of 319 files, which totals to 104 GB, and contains 70,840,771 unique email addresses. It is important to note that although there are 70,840,771 unique email addresses, for each email, there are likely many other records for the different sites’ credentials that were stolen from. It was also noted that the Naz.API data is likely old as it contained some of their own and subscribers’ passwords that were used in the past. From this, they were able to extrapolate that some of the data were over 13 years old. It is recommended that you should check if your credentials are in the Naz.API dataset, via searching your credentials on Have I Been Pwned. If it is found that your email is part of the stolen data list set, the site will warn you. This indicates that at some point your computer has been compromised with information-stealing malware. If your email address is part of the stolen data list, we do highly recommend you to change passwords for all of your saved accounts, especially those accounts that are highly confidential. This includes passwords for your email accounts, bank accounts, and other personal accounts. Other Steps to Safeguard Your Digital Identity Other than checking the Have I Been Pwned, it is also important to:
Conclusion As we navigate the digital landscape, the Naz.API data breach serves as a stark reminder of the importance of cybersecurity. By taking proactive steps to protect ourselves, staying informed, and spreading awareness, we can mitigate the risks posed by data breaches and safeguard our digital identities. Remember, in the digital age, vigilance is key, and knowledge is your shield against cyber threats. Stay safe, stay secure, and empower yourself in the digital realm. Related Topics 26 Billion Records Compromised in Huge Data Leak - dubbed as “Mother of All Breaches”. Apple's Alarming Report: 2.6 Billion User Records Exposed By Data Breaches in Past 2 Years Unmasking Phishing: Your Guide to Spotting The Signs of Phishing Protect Yourself: Best Practices to Combat Phishing Attacks Comments are closed.
|
Archives
June 2024
Categories
All
|
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED
|