People simply don't care to better protect their online identities and undervalue their worth to hackers. I became curious to know (realistically) how many online accounts an attacker would be able to compromise from a single data breach, so I began to scour the open internet for leaked databases.
As I mentioned, this dataset was leaked from a small, unknown gaming website. Selling these gaming accounts would produce very little value to a hacker. The value is in how often these users reused their username, email, and password across other popular websites.
All of the usernames were redacted, but we can see 246 Reddit, Microsoft, Foursquare, Wunderlist, and Scribd accounts were reported as having the same exact username:password combinations as the small gaming website dataset.
After running the Shard command, a total of 219 Twitter, Facebook, BitBucket, and Kijiji accounts were reported as using the same exact username:password combinations. Interestingly, there were no Reddit detections this time.
The Shard results determined that 166 BitBucket accounts were compromised using this password-reuse attack, which is inconsistent with Credmap's BitBucket detection of 111 accounts. Both Crepmap and Shard haven't been updated since 2016 and I suspect the BitBucket results are mostly (if not entirely) false positives. It's possible BitBucket has altered their login parameters since 2016 and has thrown off Credmap and Shard's ability to detect a verified login attempt.
In total (omitting the BitBucket data), the compromised accounts consisted of 61 from Twitter, 52 from Reddit, 17 from Facebook, 29 from Scribd, 23 from Microsoft, and a handful from Foursquare, Wunderlist, and Kijiji. Roughly 200 online accounts compromised as a result of a small data breach in 2017.
If the Credmap and Shard detections were updated, and if I had dedicated more time to crack the remaining 57% of hashes, the results would be higher. With very little effort and time, an attacker is capable of compromising hundreds of online accounts using just a small data breach consisting of 1,100 email addresses and hashed passwords.
Magnificent beat ! I wish to apprentice while you amend your website,how could i subscribe for a weblog site? The account helped mea acceptable deal. I had been a little bit acquainted of this your broadcast offered vibrant transparent idea
Fantastic beat ! I would like to apprentice whilst you amend your web site, how could i subscribe for a weblog website?The account aided me a appropriate deal. I have been tiny bit familiar of this your broadcast provided bright clear idea
Attractive section of content. I just stumbled upon yourweblog and in accession capital to assert that I acquire actuallyenjoyed account your blog posts. Anyway I will be subscribingto your feeds and even I achievement you access consistently rapidly.
Great beat ! I wish to apprentice while you amend your website,how can i subscribe for a blog website? The account helped me aacceptable deal. I had been a little bit acquaintedof this your broadcast provided bright clear idea
Attractive component of content. I just stumbled upon your site and in accession capital to claim that I acquire actually enjoyed accountyour blog posts. Anyway I will be subscribing for your feeds or even I success youaccess consistently quickly.비아그라 구매 2b1af7f3a8