
Credential Stuffing List Containing 111 Million Records Found Online

by David Bisson on July 10, 2018

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users.

Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passwords, learned about the list from several supporters of his Have I Been Pwned service. They directed him to a list called “Pemiblanc” that someone posted on a French server at the beginning of April. As of this writing, the list is no longer available and the data is inaccessible.

Inside the list was a folder called “USA” that contained several different files consisting of email address and password pairs. In total, the folder stored 111 million records. These included 6.8 million email addresses and 50 million passwords that had not previously appeared in Have I Been Pwned and Pwned Passwords, respectively.

A screenshot of the USA folder’s contents within the Pemiblanc list. (Source: Troy Hunt)

At the time of publication, Hunt said he was working on creating a third version of Pwned Passwords so that users can check their passwords against this new data.

While he works on that resource, he said it’s difficult for users to learn what service might have leaked their data. Hunt said the records likely represent information exposed by multiple data breaches. Even so, in a blog post he did recommend how users can protect themselves against credential stuffing attacks, that is, the automated injection of compromised credentials to gain access to web accounts.

The entire value proposition of credential stuffing lists goes away when people do this and the impact of a data breach is constrained to that single site rather than putting all your accounts at risk. I first wrote about password managers 7 years ago when I (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/credential-stuffing-list-containing-111-million-records-found-online/
