Over 70 Million Users at Risk as Stolen Login Credentials Cache Unearthed

In an age where online threats loom large, the usernames and passwords you use for websites, apps, and services remain under constant siege from cybercriminals seeking to exploit your credentials for their gain. Credential theft is not an isolated event but an ongoing challenge that internet users face, and it persists despite efforts to safeguard our digital identities.

What’s even more alarming is that many victims may not even realize that their login details have fallen into the wrong hands until it’s too late. This could be the case for a staggering 70+ million individuals, as a significant cache of stolen usernames and passwords associated with popular websites, apps, and services such as eBay, Facebook, and Coinbase has recently come to light.

This vast repository of stolen credentials, known as Naz.API, was brought to public attention by Troy Hunt, the creator of the widely used website breach tracking platform “Have I Been Pwned.” Hunt was alerted to the existence of this alarming credential stuffing list by an unnamed but reputable tech company.

The list, Naz.API, was discovered on a well-known hacking forum and was linked to a post dating back nearly four months. While such discoveries might often be dismissed as recycled information, further investigation showed otherwise: almost one-third of the data sampled from this list had never been seen online before.

To put it into perspective, out of the 70 million unique email addresses in the list, up to 23 million accounts could be compromised for the first time.

Many may wonder if they are among the affected individuals. According to the original forum post, the information within the Naz.API list was obtained from “stealer logs,” signifying that it was harvested from infected machines compromised by various forms of malware.

When a computer becomes infected with malware, the malware can steal and exfiltrate credentials through techniques like keylogging, where every keystroke made on the infected machine is recorded and transmitted to an attacker.

The Naz.API list contains a combination of both older and more recent information, making it relevant to anyone whose accounts are listed—especially if those accounts are linked to bank cards with transaction capabilities.

To assist individuals in determining if their data has been affected by this latest discovery, the emails found within the Naz.API list have been integrated into the broader database on HaveIBeenPwned.com. This platform allows users to search for their email addresses to see if their data has been compromised in recent breaches or credential stuffing lists.

Have I Been Pwned (HIBP) is a secure and free service that only retains the email portion of breached data. Conducting a search on HIBP can give users early awareness of any potential compromise, so they can change their passwords promptly.
