Friday , September 6 2024
computer

361 Million Unique Email Credentials Leaked On Telegram

A big data breach was found with a combolist containing 122GB of data containing 361 million unique email addresses taken from thousands of Telegram channels.

The dataset contains passwords and websites linked to them. It reveals a lot of new data that has been added to the breach alert service called Have I Been Pwned (HIBP).

Cisco released security updates for two critical security flaws

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
Cisco released security updates for two critical security flaws

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
OpenBAS: Cutting-edge breach and attack simulation platform

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
Critical Security Flaws Patched in Zyxel Networking Devices

CVE-2024-38811: CEV In VMware Fusion Unveiled

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
CVE-2024-38811: CEV In VMware Fusion Unveiled

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
How Malaysia’s Data Centre Industry Poised for Growth

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
RansomHub exfiltrated data over 210 victims: US alert

Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw

There is a new way to attack Atlassian Confluence using the vulnerability CVE-2023-22527. The Confluence Data Center and Server products...
Read More
Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw

New Cicada ransomware targets VMware ESXi servers

The Cicada3301 ransomware is made in Rust and attacks Windows and Linux/ESXi hosts. Truesec researchers examined a version that targets...
Read More
New Cicada ransomware targets VMware ESXi servers

Monday hits two UK bank apps causes outages

Lloyds Bank and Virgin Money's internet banking services were down on Monday, causing trouble for users to access and view...
Read More
Monday hits two UK bank apps causes outages

Troy Hunt reported a discovery last week made by an anonymous researcher. The dataset includes 151 million email addresses not previously listed in the service, with 2 billion lines in 1,748 files. This shows that Telegram is widely used for sharing sensitive and illicit data.

Telegram is a messaging platform that offers privacy features. It lets users create channels to share information anonymously. Some people use this feature to distribute data from breaches. These data collections, also known as “combolists,” contain combinations of email addresses or usernames with passwords. These combolists are used in attacks to gain unauthorized access to accounts.

Data sent to Hunt came from 518 Telegram channels and had different sizes. Some files were very large, with millions of rows. The biggest files seemed to be a result of info stealer malware. This malware captured login information when people entered it on compromised computers. Hunt made sure the data was real by contacting HIBP subscribers and confirming that the stolen login information was accurate.

Responses from subscribers varied when contacted. Some recognized old passwords that had been used before, while others confirmed new and previously unseen data. For instance, one subscriber recognized passwords that had been used for different services over the past five years, and another identified credentials related to their daughter’s old Epic Games account. These verifications highlight the legitimacy of the data and the continued risk of credential theft.

Credential stuffing attacks use these combolists to access large numbers of accounts, which is a major threat to users. Various websites, such as Nike, Footlocker, and an Italian tire retailer, have confirmed that the stolen data includes email addresses, showing that many users are affected.

Given the severity of this breach, users are advised to take immediate action to secure their accounts:
Create new and unique passwords for all accounts.
Use a reliable password manager to create and save strong passwords.
Use two-factor authentication (2FA) whenever you can.
Check your accounts regularly for any unusual activity and turn on alerts for any unauthorized access attempts.
Update all your devices with the latest security patches.

Check Also

Chart

Minecraft Server faced 3.15 Billion Packet Rate DDoS Attack

Global Secure Layer (GSL) recently mitigated a huge volume of DDoS attack ever recorded. The …

Leave a Reply

Your email address will not be published. Required fields are marked *