Many media are currently reporting on an alleged massive data leak, in which 16 billion access data, for example to “Apple, Facebook, Google and others” (Titelt, for example) got into the wrong hands. Source is once more cybernews – which has already noticed massive exaggerations and the sensational hinge of finds of data sachers with old, long -known data that has long been known. In this case too, excitement about supposed data leaks is out of place.
Now Cybernews writes under the almost suitable title “The 16-billion entries dates that nobody has ever heard of” that anonymous security researchers have found 30 exposed data holds with tens of millions of up to 3.5 billion entries each since the beginning of the year, which add up to 16 billion access data. There are no reports of the individual data sachers, only from one with 184 million. The data loads were only accessible for a short time, it was temporarily accessible unsecured elasticsearch instances or object storage instances.
Content of the data finds
“The researchers claim that most data are a mixture of details of informationTEALER-MALWARD, credential stuffing sets and newly packaged leaks,” the company describes the data finds themselves. The data could not have been effectively compared, but “it is certainly to assume that overlaps are definitely available. In other words, it is impossible to say how many people or accessible were actually exposed “.
However, the researchers had found most of the information in a clear structure: URL followed by log-in details and passwords, such as collecting and laying down “modern information management”. The databases are particularly “logins” or “credentials”, but also geographical assignments such as “Russian Federation” or services such as “Telegram”. These are also more indications that (known) data have been prepared there.
Data from infostealers usually end up in openly accessible data sachers, which are often also discovered. Troy Hunt’s Have-i-Been-Pwned project now also collects this data and can warn registered users, provided that their data appears in such data finds. Hunt had already classified with the “mother of all data” (Moab, “Mother of All Breaches”)), as Cybernews exaggerated a data find in early 2024: it was a collection of long -known data. So far, Hunt has not yet responded to our request to assess this supposedly new data leak.
Breach, leak or simple collecting?
In the reporting on such events, the accuracy is sometimes subject to the longing for a gripped heading. Titles English -language media from a “Breach” is usually meant by a dating through a break -in directly from a company or site operator, such as Google or Apple. This is obviously not the case here – although the authors suggest the headline. At most, it could be a “leak” according to the media description, i.e. accidentally accidentally made by criminals.
The “clear structure” of the data is also common in the scene and is well known in the scene and is known to every reasonably serious player in the info-manager environment: it is so-called “txtbases”, ie in text format access data. Usually the scene uses the format “Dienst|Benutzername|Passwort“, Txtbase files can be downloaded free of charge in openly accessible messenger groups.
As a short finger exercise for the bridge day, we logged into a well -known exchange place for such data records and downloaded almost 70 text files with a total volume of approx. 7 GB. These contain around 122 million entries, including 4 million entries for Metas Social Network Facebook. However, the overlap is significant: half of the Facebook account seeds appear two or several times in our sample.
While the Heise Security editorial team deals with command line tools such as Grep and AWK (and does not save the data obtained in a leak database), access data expert Troy Hunt is much more professional. Last February, he processed a database of 23 billion entries and minutically documented the process in his blog.
In total, on the Txtbase exchange we controlled over 10,200 files are available for download, according to our sample with an average of 1.8 million lines per file. This means that in this one source alone there are over 19 billion access data-almost 20 percent more than in the headlining “Mega-Leak”. And that without Darknet Brimberium and payments to cybercriminals, so to speak, without leak and double soil.
Panic again inappropriate
This knowledge shows that panic based on the “new revelation” is inappropriate. As in the past, cybercriminals try to qualify old data finds and to break into service using credential stuffing. Internet users must still remain careful as to whether unusual access to services they use are carried out and, if necessary, change passwords if necessary. Activating multi -factor authentication or even the use of passkeys is recommended for better protection.
InfoTealers also remain a widespread phenomenon. Just recently we came across painting with macOS tips, but the malware authors hide the hidden malware also in game betas and fake apps. Criminal prosecutors therefore concentrate in the “Operation Endgame” on the cyber criminals that operate a profitable ecosystem around the infovereader.
(dmk)
