Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Indexeus, the search engine which menaced hacking community

Indexeus is a new search engine that indexes user account information acquired from data breaches, including hackers’ accounts stolen in the underground. A new search engine for underground hacking dubbed Indexeus has been launched, it retrieves all the available information on user account acquired from hundreds recently data data breaches. The data collected includes information on malicious hackers […]

Indexeus, the search engine which menaced hacking community

Indexeus is a new search engine that indexes user account information acquired from data breaches, including hackers’ accounts stolen in the underground.

A new search engine for underground hacking dubbed Indexeus has been launched, it retrieves all the available information on user account acquired from hundreds recently data data breaches. The data collected includes information on malicious hackers stolen recent hack, including Adobe and Yahoo!

The search engine Indexeus was developed by the Portuguese Jason Relinquo, a 23-year-old hacker which has built a searchable archive containing “over 200 million entries”. Relinquo has collected a huge amounts of data related to the accounts used by hackers, including IP addresses, email addresses, usernames, passwords, physical addresses, birthdays and other many other personal information.
“This is a service which provides easy access to hundreds of databases, which is very useful if you don’t want to bring your databases around or if you just don’t have any,”  “The goal is to make people realize that using the same information all over is stupid and will lead to you getting your information stolen, but also showing you how badly administrators keep your private data stored.” reports the Indexeus website.
Almost all the information proposed by the young guy on malicious hackers come from data breaches and hacks of popular hacking forums, it is considerable today the largest database of hackers’ personal information publicly available.
The Indexeus search engine also includes data belonging members of hackforums[dot]net, the hacking forum attended by script kiddies who are offering and buying different hacking services.

Recently another search engine captured the attention of security community, Grams Darknet Market Search Engine, specialized for researches in the underground markets, including BlackBank, C9, Evolution, Mr. Nice Guy, Pandora, The Pirate Market, and SilkRoad2.

 

Indexeus search engine

 

The Relinquo’s initial idea is that any hacker that desires to remove its credentials and data from the archive or blacklist himself from the search engine have to pay $1 per record, an economic demand for those wishing to operate in the shadows that will not be accepted willingly. Of course, this is not legal and violates directive like the EU’s “right to be forgotten“. After the popular blog Krebson Security discovered the search engine, Relinquo has changed the terms of service requesting so that users don’t have to pay to remove or completely blacklisted them from the Indexeus.

We’re going through some reforms (free blacklisting, plus subscription based searches), due some legal complications that I don’t want to escalate,” Relinquo wrote in a chat session. “If [Indexeus users] want to keep the logs and pay for the blacklist, it’s an option. We also state that in case of a minor, the removal is immediate.” states the new TOS.

The Indexeus website also seeks to sensitize its members on security issues and how they data are managed by administrators of various web services they access.

 “The purpose of Indexeus is not to provide private informations about someone [sic], but to protect them by creating awareness. Therefore we are not responsible for any misuse or malicious use of our content and service.” states the disclaimer on the search engine website.

Anyway Indexeus website was rapidly targeted by other hackers, a few days ago the search engine was defaced by hacker group Pernicious Developers which also deployed a backdoor shell on the website.

“This is the Original Pernicious Developers, we’re still here. Even if you don’t know which version of the group who did this.” states the defacement left by the hackers.

In time I’m writing indexeus.org is down.

 

indexeus hacked

 

 

indexeus website-hacked

It’s  my opinion that privacy in today’s society is utopia, search engines like Indexeus are the demonstration that it is quite easy to collect information also on individuals with a a considerable skill.  Data breaches represent an amazing source of data that could be easily obtained and analyzed by mining tools to discover also hidden links between accounts and individuals in the cyberspace.

What do you think about online privacy?

Pierluigi Paganini

Security Affairs –  (Indexeus , hacking)