U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Operator at kayo.moe found a 42M Record Credential Stuffing Data ready to use

Operator at kayo.moe found a 42M Record  Credential Stuffing Data containing email addresses, plain text passwords, and partial credit card info. A huge archive containing email addresses, plain text passwords, and partial credit card data has been found on a free anonymous hosting service, Kayo.moe. The operator of the service shared the file with the popular expert Troy Hunt […]

credential stuffing

Operator at kayo.moe found a 42M Record  Credential Stuffing Data containing email addresses, plain text passwords, and partial credit card info.

A huge archive containing email addresses, plain text passwords, and partial credit card data has been found on a free anonymous hosting service, Kayo.moe.

The operator of the service shared the file with the popular expert Troy Hunt who operates the Have I Been Pwned data breach notification service asking him to check the source of the huge trove of data.

The data is not related to a data breach of kayo.moe, the platform was not impacted by any incident.

The database shared by Kayo includes over a total of 755 files totaling 1.8GB.

According to Hunt, the data in the archive were collected for credential stuffing attacks, typically hackers obtain data from multiple breaches then combine them into a single unified list.

The attackers were likely planning to run them automatically against multiple online services and compromise user accounts.

Roughly 89% of the records in a sample set analyzed by Hunt were already in the HIBP archive, this means that the archive anyway contains a huge quantity of data that were not present.

“When I pulled the email addresses out of the file, I found almost 42M unique values. I took a sample set and found about 89% of them were already in HIBP which meant there was a significant amount of data I’ve never seen before. (Later, after loading the entire data set, that figure went up to 93%.),” Hunt wrote a blog post.

“There was no single pattern for the breaches they appeared in and the only noteworthy thing that stood out was a high hit rate against numeric email address aliases from Facebook also seen in the (most likely fabricated) Badoo incident. Inverting that number and pro-rata’ing to the entire data set, I’d never seen more than 4M of the addresses. So I loaded the data.”

Credential Stuffing Data

 

“The data also contained a variety of other files; some with logs, some with partial credit card data and some with Spotify details.” added Hunt. “This doesn’t indicate a Spotify breach, however, as I consistently see pastes implying a breach yet every time I’ve delved into it, it’s always come back to account takeover via password reused.”

To avoid being vulnerable to credential stuffing attacks the best defense is to use different credentials for each web service we use. Don’t reuse passwords!

Always use a two-factor authentication mechanism when implemented by the service we access to, and use strong password that can be generated by password manager applications.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – credential stuffing attacks, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]