DISCUSSION Thread FREE Full naz api Dataset Leaked (Download)

[0x32 7]

Nearly 71 million unique credentials stolen for logging into websites such as

This is the hidden content, please

• Sign In
• or
• Sign Up

, Roblox,

This is the hidden content, please

• Sign In
• or
• Sign Up

, and Yahoo have been circulating on the Internet for at least four months, a researcher said Wednesday.

Troy Hunt, operator of the

This is the hidden content, please

• Sign In
• or
• Sign Up

breach notification service,

This is the hidden content, please

• Sign In
• or
• Sign Up

the massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials. Hunt said he often pays little attention to dumps like these because they simply compile and repackage previously published passwords taken in earlier campaigns.

This is the hidden content, please

• Sign In
• or
• Sign Up

Post appearing on breach site advertising the availability of naz.api password data.

Not your typical password dump

Some glaring things prevented Hunt from dismissing this one, specifically the contents indicating that nearly 25 million of the credentials had never been leaked before:

1. 319 files totaling 104GB
2. 70,840,771 unique email addresses
3. 427,308 individual HIBP subscribers impacted
4. 65.03 percent of addresses already in HIBP (based on a 1,000 random sample set)

“That last number was the real kicker,” Hunt wrote. “When a third of the email addresses have never been seen before, that's statistically significant. This isn't just the usual collection of repurposed lists wrapped up with a brand-new bow on it and passed off as the next big thing; it's a significant volume of new data. When you look at the above forum post the data accompanied, the reason why becomes clear: it's from ‘stealer logs’ or in other words, malware that has grabbed credentials from compromised machines.”

 

Further Reading

A redacted image that Hunt posted showing a small sample of the exposed credentials indicated that account credentials for a variety of sites were swept up. Sites included

This is the hidden content, please

• Sign In
• or
• Sign Up

, Roblox, Coinbase, Yammer, and Yahoo. In keeping with the claim that the credentials were collected by a “stealer”—malware that runs on a victim’s device and uploads all user names and passwords entered into a login page—the passwords appear in plaintext. Account credentials taken in website breaches are almost always cryptographically hashed. (A sad aside: Most of the exposed credentials are weak and would easily fall to a simple password dictionary attack.)

This is the hidden content, please

• Sign In
• or
• Sign Up

Screenshot showing a sample of 20 credential pairs, with usernames redacted.

Have I Been Pwned?

Data collected by Have I Been Pwned indicates this password weakness runs rampant. Of the 100 million unique passwords amassed, they have appeared 1.3 billion times.

Edited February 26 by 0x32

[naziapi 1]

22 hours ago, 0x32 said:

files totaling 104GB

where is the download link?

[Black 1]

Thanks and nice

[sayakisama 0]

where is download link?

[pranavr00t 0]

please give the link to download the file

[SOCRAM24 0]

Where is the download link?

[snjiv 0]

On 2/26/2024 at 2:51 PM, 0x32 said:

me glaring things prevented Hunt from dismissing this one, specifically the contents indicating that nearly 25 million of the cr

Awesome

[adezreall 0]

thanks For this

[LilFrag 0]

bro where is the linkk

[qwrfqwfasf 0]

where is the linkk

[Absbd 0]

Where link

 

[Wolfiq 0]

Thanks

[jakub3218 0]

where download link

[teebee76669 0]

Id like the download link please

 

[JuanPrz 0]

where is download link?

[tuk9999 0]

where is download link?

[qoqj 0]

woww

[interia 0]

send download link

[Guest]

gimme download link

[fata0929 0]

Keep Going brother

[kartlen 0]

Thank you