Dataset with 42 Million Emails and Passwords Uploaded on

Security researcher and privacy advocate Troy Hunt has reported an intriguing incident involving a free, public, and anonymous hosting service. Apparently, a large database containing email addresses, passwords in clear text and partial credit card details has been uploaded to To be more precise, the total amount of unique email addresses and passwords in plain text is 41,826,763.

In fact, got in touch with Hunt and sent him the data (755 files totaling 1.8GB) so that the researcher could check if it was a result of a data breach. However, this is the moment to highlight that the report isn’t about a data breach of “There’s absolutely no indication of any sort of security incident involving a vulnerability of that service”, Hunt said in his article. is a free, public, anonymous hosting service. The operator of the service (Kayo) reached out to me earlier this week and advised they’d noticed a collection of files uploaded to the site which appeared to contain personal data from a breach.

More about the 1.8GB Data Uploaded on

Hunt notes that the data is the standard username:password pair used in credential stuffing attacks. Such attacks are designed to harvest data from multiple data breaches and mix it into a single unified list. This allows attackers to use it in account takeover attempts on other services, the researcher explained.

Besides the username:password pair, the data set also contained other details as well. Some files were with logs, some with partial credit card data and some with Spotify details. Please note that:

This doesn’t indicate a Spotify breach, however, as I consistently see pastesimplying a breach yet every time I’ve delved into it, it’s always come back to account takeover via password (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: