Thursday , November 21 2024
computer

361 Million Unique Email Credentials Leaked On Telegram

A big data breach was found with a combolist containing 122GB of data containing 361 million unique email addresses taken from thousands of Telegram channels.

The dataset contains passwords and websites linked to them. It reveals a lot of new data that has been added to the breach alert service called Have I Been Pwned (HIBP).

CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE

Trend Micro released a security update for Deep Security 20 Agent Manual Scan Command Injection RCE Vulnerability (CVE-2024-51503) that resolves...
Read More
CVE-2024-51503  Trend Micro released updates for Deep Security Agent RCE

Apple Releases Patch for two Actively Exploited Zero-Day

Apple released critical updates for its various products including for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day...
Read More
Apple Releases Patch for two Actively Exploited Zero-Day

Maxar Space Data Leak, Company admit, Investigation ongoing!

Maxar Space Systems has verified a major data breach that exposed particular information of current and former workers. The breach...
Read More
Maxar Space Data Leak, Company admit, Investigation ongoing!

GitHub CLI Vulnerability Could Allow RCE

A security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) could allow remote code execution on users' devices. With...
Read More
GitHub CLI Vulnerability Could Allow RCE

“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

“Sarcoma” ransomware group attacked a well known Bangladeshi insurance company named "Popular life insurance company ltd". The threat actor keeps...
Read More
“Sarcoma” ransomware group  Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

BugHunt 2024: A Milestone Cyber security Competition held at Dhaka

Bug Hunt 2024, one of the largest cyber security competitions and conferences in Bangladesh, was successfully held at the ICT...
Read More
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka

TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely

A serious security flaw has been found in some TP-Link routers, potentially enabling hackers to remotely access the affected devices.The...
Read More
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely

WSJ reports
T-Mobile hacked in massive breach of telecom networks

The Wall Street Journal reported on Friday citing people familiar with the matter that T-Mobile’s network was among the systems...
Read More
WSJ reports  T-Mobile hacked in massive breach of telecom networks

Palo Alto Networks Confirms critical RCE zero-day actively exploited

"Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall...
Read More
Palo Alto Networks Confirms critical RCE zero-day actively exploited

CISA, FBI Warns
Hacker compromised multiple teleco network at US

US authorities have revealed a major cyberespionage campaign by hackers, targeting information from Americans in government and politics. The FBI...
Read More
CISA, FBI Warns  Hacker compromised multiple teleco network at US

Troy Hunt reported a discovery last week made by an anonymous researcher. The dataset includes 151 million email addresses not previously listed in the service, with 2 billion lines in 1,748 files. This shows that Telegram is widely used for sharing sensitive and illicit data.

Telegram is a messaging platform that offers privacy features. It lets users create channels to share information anonymously. Some people use this feature to distribute data from breaches. These data collections, also known as “combolists,” contain combinations of email addresses or usernames with passwords. These combolists are used in attacks to gain unauthorized access to accounts.

Data sent to Hunt came from 518 Telegram channels and had different sizes. Some files were very large, with millions of rows. The biggest files seemed to be a result of info stealer malware. This malware captured login information when people entered it on compromised computers. Hunt made sure the data was real by contacting HIBP subscribers and confirming that the stolen login information was accurate.

Responses from subscribers varied when contacted. Some recognized old passwords that had been used before, while others confirmed new and previously unseen data. For instance, one subscriber recognized passwords that had been used for different services over the past five years, and another identified credentials related to their daughter’s old Epic Games account. These verifications highlight the legitimacy of the data and the continued risk of credential theft.

Credential stuffing attacks use these combolists to access large numbers of accounts, which is a major threat to users. Various websites, such as Nike, Footlocker, and an Italian tire retailer, have confirmed that the stolen data includes email addresses, showing that many users are affected.

Given the severity of this breach, users are advised to take immediate action to secure their accounts:
Create new and unique passwords for all accounts.
Use a reliable password manager to create and save strong passwords.
Use two-factor authentication (2FA) whenever you can.
Check your accounts regularly for any unusual activity and turn on alerts for any unauthorized access attempts.
Update all your devices with the latest security patches.

Check Also

Tower

CISA, FBI Warns
Hacker compromised multiple teleco network at US

US authorities have revealed a major cyberespionage campaign by hackers, targeting information from Americans in …

Leave a Reply

Your email address will not be published. Required fields are marked *