Researcher uncovers one of the biggest password dumps in recent history
Enlarge (credit: Getty Images)
Nearly 71 million unique credentials stolen for logging into websites such as Facebook, Roblox, eBay, and Yahoo have been circulating on the Internet for at least four months, a researcher said Wednesday.
Troy Hunt, operator of the Have I Been Pwned? breach notification service, said the massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials. Hunt said he often pays little attention to dumps like these because they simply compile and repackage previously published passwords taken in earlier campaigns.
Post appearing on breach site advertising the availability of naz.api password data.
Not your typical password dumpSome glaring things prevented Hunt from dismissing this one, specifically the contents indicating that nearly 25 million of the passwords had never been leaked before: