Not the First, Not the Last: Understanding the 16 Billion Infostealer Leak

Background: The media recently reported on a leak of 16 billion cleartext passwords found on an underground platform. The team behind the discovery also noticed that the names of several major tech companies were visible in the data. With that in mind, let's break the issue down and analyze it in separate sections.

Scope: enterprise credentials in cleartext, and the scope of companies whose credentials appeared in the leak.

Enterprise credentials in cleartext: It is well-known practice for companies to store passwords in their databases in hashed form. This means that each time a user enters a password, the system converts it into a hash on the frontend or backend before comparing it with the hashed value stored in the database. Based on the result of this comparison, the enterprise system either grants or denies access. In other words, even if threat actors manage to breach the company's database, they will not obtain the passwords in plain text.

Scope of companies whose credentials were in the leak, via infection of their customers' machines: There is currently a large underground market where anyone with cryptocurrency can buy stolen data directly from first-hand sellers. These sellers operate software from the infostealer family, which infects machines through various methods and steals passwords saved in browsers. The stolen data is then sold on by these first-hand sellers. As a result, it has become relatively easy to organize and collect such data leaks.

Example of how such a mainstream leak can be created: Based on tests, collecting 16 billion records would require a file of no more than 250GB, making it relatively easy to find such leaks on today's market. Cybersecurity specialists have seen many such cases in the past. In reality, however, such a massive leak is often just a collection compiled from different sources.
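To show why a compilation's headline record count says little on its own, here is an added example (not code from the article) that an analyst could run over such a dump. It assumes the common url:login:password line format of infostealer logs, which the article does not specify, and uses constructed sample "sources" embedded inline. It counts total lines, unique records after merging the sources, malformed lines, and which hostnames appear, which is exactly how a company's name can show up in the data without that company having been breached.

```python
from collections import Counter
from urllib.parse import urlparse

# Constructed sample sources imitating the url:login:password format
# (the format is an assumption of this example; values are invented).
SOURCE_A = """https://mail.example.com/login:alice@example.com:Winter2024!
https://accounts.example.org/signin:bob:hunter2
https://shop.example.net/account:carol:carol123
broken line without separators
"""
SOURCE_B = """https://mail.example.com/login:alice@example.com:Winter2024!
https://accounts.example.org/signin:bob:hunter2
https://portal.example.com:dave:pa55word
"""


def parse_record(line: str):
    """Split one url:login:password line into (hostname, login, password).

    The URL itself contains a colon after the scheme, so split from the right
    and take only the last two separators. Returns None for malformed lines.
    """
    parts = line.strip().rsplit(":", 2)
    if len(parts) != 3 or not parts[0]:
        return None
    url, login, password = parts
    host = urlparse(url).hostname
    if host is None:
        return None
    return host, login, password


def summarize(*sources: str) -> dict:
    """Merge several dumps and report how much of the volume is real."""
    total = 0
    malformed = 0
    unique = set()
    hosts = Counter()  # distinct records per hostname, not "breached companies"
    for text in sources:
        for line in text.splitlines():
            if not line.strip():
                continue
            total += 1
            rec = parse_record(line)
            if rec is None:
                malformed += 1
                continue
            if rec not in unique:
                unique.add(rec)
                hosts[rec[0]] += 1
    return {
        "total_lines": total,
        "unique_records": len(unique),
        "malformed": malformed,
        "hosts": hosts,
    }


if __name__ == "__main__":
    stats = summarize(SOURCE_A, SOURCE_B)
    print(f"lines: {stats['total_lines']}, unique: {stats['unique_records']}, "
          f"malformed: {stats['malformed']}")
    for host, n in stats["hosts"].most_common():
        print(f"  {host}: {n} record(s)")
```

On the sample data the two sources overlap, so seven lines collapse to four unique records and one junk line. The hostnames in the output are the login pages the victims visited, taken from their browsers' saved passwords; a big name appearing in that list is evidence of infected customers, not of a breach at that company. One caveat: a password containing a colon would be mis-split by this simple parser, so real analysis needs a stricter format check.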

Conclusion: We don't always need to trust the sources we read news from. Sometimes even reporters unintentionally pass on information they don't fully understand. For this reason, always check the source and try to validate such findings yourself.