More than 300,000 leaked usernames and passwords were posted by hackers on the anonymous clipboard website Pastebin in 2013, according to the Swiss security firm High Tech Bridge.
Pastebin is a favorite publishing platform of hackers, who use it to post proof of their exploits, such as a small percentage of usernames and passwords to prove an attack was successful. They’ll also often post sample credentials from paid websites such as pornography sites or Netflix. Hacktivist groups like Anonymous, meanwhile, use Pastebin to post the personal data and passwords of law enforcement and security agencies to prove they’ve compromised them.
“This is why the majority of records with stolen personal information usually represent only 0.01 percent–1 percent of the total information compromised by the hackers,” the firm said in a statement.
Of the 311,095 credentials found, Gmail and Yahoo Mail users account for nearly 50 percent of the compromised accounts easily found on Pastebin. Hotmail and the Russian service Mail.ru make up 8 and 5 percent, respectively, of the email logins available on the site. The most popular social network for stolen user credentials is Facebook.
In an environment where attacks are often undetected or quieted down to avoid public scandal, this is “just the tip of the cybercrime iceberg.”
Social networks, online games, shops, and online payment systems made up most of the credentials freely available on Pastebin. However, 40 percent of the usernames and passwords were for other or even unknown uses.
Many of the passwords that hackers found were simple (like “Hobbit2”) and prone to “dictionary and simple bruteforce attacks.” Almost half of the passwords posted were encrypted, but when people use such easily guessed passwords, encryption is “almost useless.”
“These 300,000 are just a small percentage of the stolen information posted publicly by hackers,” said High Tech Bridge CEO Ilia Kolochenko. “It’s impossible to make a precise estimate of how many user accounts were really compromised, but I think we can speak about several hundreds of millions at least.”
He added:
“People finally need to understand that the Internet is a very hostile place, while online service providers need to finally start taking network security seriously.”
H/T Threatpost | Photo M Thierry/Flickr (CC-BY-SA 2.0)