2.7 billion email addresses & plain-text passwords exposed online


Comparitech, along with IT security researcher Bob Diachenko, has discovered a massive trove of login credentials that was exposed to public access without any authentication or security.


In 2017, HackRead exclusively reported on DoubleFlag, a hacker who was selling one billion user accounts stolen from several Chinese Internet giants, including QQ, Sina, and Tencent. Now, the same data has been found hosted on an exposed IP address.



Screenshot from HackRead.com’s report in 2017


According to a blog post from Comparitech, the database was home to over 2.7 billion email addresses along with 1 billion passwords in plain-text format. In total, the database contained 1.5 TB of data, which is ideal for cybercriminals to carry out spam and other malicious attacks.



In addition to email addresses and passwords, the records contained MD5, SHA1, and SHA256 hashes of each email address. Hashes are encrypted text—the email address, in this case—with a fixed length, wrote Paul Bischoff of Comparitech in a blog post.


The database was discovered on December 1st, 2019, indexed on the BinaryEdge search engine. The owner of the database could not be identified; therefore, Diachenko contacted the ISP where the IP address of the exposed database was hosted and on December 9th, the access t ..
