Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267
0

14 million Australian emails and addresses for sale on clear web hacking forum | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | #hacking | #aihp


Datasets move around hacking forums and websites with some regularity. One might be for sale one day, and then weeks, months or sometimes years later it shows up for free.

But it’s not often you see one quite so large as 14 million being offered up for sale.

A hacker by the name of Fancybear – probably not related to the Russian hacking group of the same name – made a for sale post on a popular clear web hacking forum on March 10.

“Australia 14 Million Leads,” the post reads. “Details: first name, last name, email, address, city, state, postcode, mobile, dob.”

The poster included 120 lines of data to prove the validity of the data set, and the details appear legitimate. The 14 million sets of “leads,” as they’re called, are currently on offer for US$7,000.

Fancybear has some form when it comes to selling data like this. In the user’s .sig, they boast of “selling mobile numbers & email lists,” adding “I have all kind [sic] of database consumer, crypto, forex, gamblers etc.”

Performing a quick analysis of the emails on HaveIBeenPwned reveals the data set appears to be a mix of previously leaked information, and newly leaked material. Some emails in the list have been leaked at least half a dozen times, either in previously collated data sets like the 2.7 billion person Collection #1 dataset or in data breaches suffered by companies and websites such as MySpace and Twitter.

But there seems to be a large number of emails – and the names and addresses associated with them – appearing in this dataset for the first time. It appears that the seller has taken several previous Australian datasets and combined them with some new data to create what is in effect a new product to sell.

Datasets such as these are sold and moved on often, as we said. There were three Australian datasets in a list of possibly related threads below this particular post, ranging in size from 12,000 to 140,000.

With that in mind, it’s a good chance to remind everyone out there to check their own details in HaveIBeenPwned, and to look after their email accounts accordingly.

It’s also worth remembering that this data is more often than not public-facing in some way, and it’s the kind of data that many of us enter into any website that requires a sign-in, or to take advantage of eCommerce.

Regardless, be careful where you save your data, and be wary of scammers taking advantage of lists like this for mass fraud campaigns.

Click Here For The Original Source.


————————————————————————————-

Translate