Sunday, January 24, 2021
  • SwiftR Switcheroo: Calling [Compiled] Swift from R!
  • DEF CON 28 Safe Mode IoT Village – Netspooky’s ‘Hella Booters, Why IoT Botnets Aren’t Going Anywhere’
  • Requiescat In Pacem, Henry Louis (Hank) Aaron 1934 – 2021
  • DEF CON 28 Safe Mode IoT Village – Sanjana Sarda’s ‘Kicking Devices, Taking CVEs: Zoomer Guide To Hacking’
  • Encoded Tyranny: Was Reagan’s “Shining City on a Hill” Intolerance for Dissent?

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Credential Stuffing List Containing 111 Million Records Found Online

Credential Stuffing List Containing 111 Million Records Found Online

by David Bisson on July 10, 2018

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users.

Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passwords, learned about the list from several supporters of his Have I Been Pwned service. They directed him to a list called “Pemiblanc” that someone posted on a French server at the beginning of April. As of this writing, the list is no longer available, with the data now inaccessible.

Inside of the list was a folder called “USA” that contained several different files consisting of email addresses and password pairs. In total, the folder stored 111 million records. These included 6.8 million email addresses and 50 million passwords that had not previously appeared in Have I Been Pwned and Pwned Passwords, respectively.

A screenshot of the USA folder’s contents within the Pemiblanc list. (Source: Troy Hunt)

At the time of publication, Hunt said he was working on creating a third version of Pwned Passwords so that users can check their passwords against this new data.

While he works on that resource, he said it’s difficult for users to learn what service might have leaked their data. Hunt said the records likely represent information exposed by multiple data breaches. Even so, he did make a recommendation to users in a blog post on how they can protect against credential stuffing attacks, or the automated injection of compromised credentials to gain access to web accounts.

The entire value proposition of credential stuffing lists goes away when people do this and the impact of a data breach is constrained to that single site rather than putting all your accounts at risk. I first wrote about password managers 7 years ago when I (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/credential-stuffing-list-containing-111-million-records-found-online/

July 10, 2018July 10, 2018 David Bisson credential stuffing, email, IT Security and Data Protection, Latest Security News, Password
  • ← Companies Collect More Data Than They Can Analyze
  • Cyberespionage Group Steals Certificates to Sign Malware →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Pam Sornson, JD – Contributed Writer

IAM Best Practices For DevOps

Eric Kedrosky

Identity Risk: Identifying a Misconfigured IAM Trust Policy

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

How Utilities Can Mitigate Cyberthreats
Stealthbits Adds Data Privacy Engine
3 Cybersecurity Challenges for Remotely Operating Critical Systems
Trump Hates Cloud, Because China Cyber?
FBI to Investigate Parler, New Russian Host will be Revoked
Why are Employees Most Vulnerable to Cyber Attacks?
IAM Best Practices For DevOps
2020 Year in Review: the best of WP White Security
Insider Threats Are on the Rise and Growing More Costly. You Need the Right Tools to Detect Them
What Were BullPhish ID’s Top Phishing Scams of 2020?

Upcoming Webinars

Mon 25

Security Challenges and Opportunities of Remote Work

January 25 @ 1:00 pm - 2:00 pm
Tue 26

Preventing Code Tampering & Verifying Integrity Across Your SDLC

January 26 @ 1:00 pm - 2:00 pm
Thu 28

Protecting Cloud-Native Apps and APIs in Kubernetes Environments

January 28 @ 1:00 pm - 2:00 pm
Feb 03

Too Close to the Sun(burst): A Supply Chain Compromise

February 3 @ 11:00 am - 12:00 pm
Feb 04

Lessons from the FinTech Trenches: Securing APIs at Finastra

February 4 @ 3:00 pm - 4:00 pm
Feb 09

How 2020’s Top 5 Attacks Reveal the Coming Cyberthreats in 2021

February 9 @ 1:00 pm - 2:00 pm
Feb 10

Finding Vulnerabilities in Your Cloud Native Applications Before They Find You!

February 10 @ 11:00 am - 12:00 pm
Feb 11

How to Merge AppSec and DevOps Effectively for the Good of Software

February 11 @ 3:00 pm - 4:00 pm
Feb 17

Finding and Preventing Secrets in Code

February 17 @ 3:00 pm - 4:00 pm
Feb 18

Protecting Sensitive Customer Data in the New Remote Agent Environment

February 18 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

What Are the 5 Elements of Trustworthy Digital Transformation?
CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Identity & Access Industry Spotlight Security Awareness Security Boulevard (Original) 

What Are the 5 Elements of Trustworthy Digital Transformation?

January 22, 2021 Tom Kellermann | 2 days ago 0
5 Questions to Ask When Adopting a New SaaS Tool
Application Security CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

5 Questions to Ask When Adopting a New SaaS Tool

January 22, 2021 Dudi Cohen | 2 days ago 0
3 Cybersecurity Challenges for Remotely Operating Critical Systems
Application Security Cybersecurity Endpoint Identity & Access Industry Spotlight Network Security Security Awareness Security Boulevard (Original) 

3 Cybersecurity Challenges for Remotely Operating Critical Systems

January 21, 2021 Bill Moore | 3 days ago 0

Top Stories

FBI to Investigate Parler, New Russian Host will be Revoked
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Endpoint Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Uncategorized 

FBI to Investigate Parler, New Russian Host will be Revoked

January 22, 2021 Richi Jennings | 1 day ago 0
Trump Hates Cloud, Because China Cyber?
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight Threat Intelligence 

Trump Hates Cloud, Because China Cyber?

January 21, 2021 Richi Jennings | 2 days ago 0
Capitol Rioters ID’ed With Help From Dating Apps
Cyberlaw Cybersecurity Featured Incident Response Mobile Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

Capitol Rioters ID’ed With Help From Dating Apps

January 18, 2021 Richi Jennings | Jan 18 0

Security Humor

via     the  Comic Noggins  of   Nitrozac     and     Snaggy     at     The Joy of Tech®   !

Joy Of Tech® ‘After Trump’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.