Cybercriminals Use Dark Forums and Telegram to Exchange 183 Million Stolen Credentials
16.4 million of the email addresses, which were gathered from multiple sources, were absent from earlier data breaches.
Cybersecurity company Synthient has found that millions of compromised credentials are lying around the internet and being shared by fraudsters via a variety of platforms.
Synthient gathered information from a number of platforms, such as social media sites, forums, Telegram channels, and the Tor network, to produce a sizable database of compromised credentials that included 183 million distinct email addresses.
According to the firm, the majority of the credentials came via information-stealing infections and were primarily exchanged on Telegram. They were exfiltrated by infecting users with malware rather than breaking into businesses.

The data comes from primary sellers of stolen data, aggregators that gather infostealer logs and re-post the material on their channels, and criminals who disseminate the malware used by primary sellers.
Synthient developed a method to gather and analyze all of the leaked data in order to better understand adversary architecture. The data was then collated and transmitted to the Have I Been Pwned data breach notification service.
The 23 billion rows in the 3.5-terabyte database included leaked email addresses, passwords, and the websites where the credentials were used, explains Troy Hunt, the maintainer of Have I Been Pwned.
He points out that the majority of the credentials Synthient compiled were already in Have I Been Pwned’s database. Just 9%, or 16.4 million email addresses, were not in prior data breaches that were added to the service.
Now that Hunt has confirmed the information is authentic, the email addresses and the websites they were used on can be found on Have I Been Pwned.
Hunt added that the Synthient material included credential stuffing lists, which are usually gathered from data breaches and used to take over accounts on different web platforms, in addition to infostealer logs.
However, despite the headlines of various news publications over the past few days, the data gathered by Synthient did not come from a single data breach, much less one at Gmail. The coverage led to a decisive response from Google.

“There is no truth to claims of a ‘Gmail security breach affecting millions of users.’” […] The false reports are the result of a misinterpretation of infostealer databases, which frequently aggregate several forms of online credential theft. Google stated on X that it does not represent a new assault targeting a specific individual, tool, or platform.
Google notes that multi-factor authentication (MFA) and the use of passkeys, which are safer than passwords, are the strongest defenses against credential theft. When significant batches of compromised credentials surface, users should reset their passwords right away, the company advised.
According to KnowBe4 CISO advisor Erich Kron, “the substantial number of passwords that are compromised each year should be a very driving factor in implementing MFA and ought to encourage people to think about the importance of securing accounts, especially email accounts.”
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.