Renowned cybersecurity researcher Troy Hunt analyzed a fresh database of compromised data, which allegedly contains logins and passwords from more than 226 million accounts. The specialist tried to find out if there are sufficient grounds for adding the database to his Have I Been Pwned (HIBP) service.
Troy Hunt got hold of the file “Cit0day.in_special_for_xss.is.zip”, which weighed 13 GB in compressed state. There were two folders inside the ZIP archive: “Cit0day [_special_for_xss.is]” and “Cit0day Prem [_special_for_xss.is]”.
Then Hunt discovered a whole zoo. For example, in the first directory he found 14 669 .rar files, and in the second – 8 949 of the same archives. The researcher uploaded the contents of the files to GitHub (the first file and the second file ). After that, the specialist analyzed the archive “chordie.com {1.515.111} [HASH + NOHASH] (Arts) _special_for_XSS.IS.rar”, since it was the largest. Inside were five text files. The largest of the .txt files contained 1.5 million lines of email address and MD5 hash password.
Hunt concluded that the leaked credentials were not fake. In total, there are 226,883,414 logins and passwords in the database. If all data is considered valid, then users need to change their account passwords as soon as possible. Recall that such leaks can be used in the future in password guessing attacks.