
A significant collection of 361 million email addresses—obtained through various means such as password-stealing malware, credential stuffing attacks, and data breaches—has been incorporated into the Have I Been Pwned data breach notification service. This service allows individuals to verify whether their accounts have been compromised.
Cybersecurity experts gathered these credentials from multiple Telegram cybercrime channels, where stolen data is frequently disseminated to enhance the channel’s reputation and attract subscribers.
The compromised data typically includes:
- Username and password combinations (often pilfered via credential stuffing attacks or data breaches).
- Usernames and passwords along with an associated URL (acquired through password-stealing malware).
- Raw cookies (extracted via password-stealing malware).

Image source: Troy Hunt
Telegram is often used as an open web, app-based dark forum where people can share user credentials and illicit material. It shares many of the same anonymising attributes as the dark web, hence it attracts cybercriminals for malicious activity. Combolists are becoming increasingly popular, but people need to be very careful if they are tempted into downloading this content.
These usernames and passwords are often stolen using infostealer malware that is placed on compromised machines, making robust, up-to-date anti-malware even more vital.
Furthermore, with new email addresses and user passwords being compromised and shared with such ease, it also sets the perfect reminder to use unique passwords and to implement multi-factor authentication.
by Jake Moore, ESET
