Pastebin publishes over 300,000 hacked account details in 12 months

PastebinThe security researchers at High-Tech Bridge have been taking a close look at Pastebin.com, a site which is used legitimately by programmers to share code - but also popular with hackers who wish to anonymously dump stolen data to provide evidence of a successful breach.

Having discarded from its study obvious fakes, duplicates and minor information leaks involving more than 100 users, High-Tech Bridge discovered evidence that details of 311,095 compromised accounts (usernames and passwords) had been published on Pastebin in the last 12 months.

And it didn't stop there, according to the Swiss firm, which noted that on average each leak recorded on Pastebin contained 1000 user credentials:

In many cases other personal details, such as credit card numbers, addresses and phone numbers of the victims were also published by the hackers.

Worst of all, according to researchers, the details published on Pastebin often reflected a mere "0.01% - 1% of the total information compromised by the hackers."

High-Tech Bridge CEO Ilia Ilia Kolochenko believes the problem seen on Pastebin to be just the tip of the iceberg:

"300,000 compromised user accounts during the last twelve months is a huge number if we take into consideration that this amount of information is being stored just on one single legitimate website. Moreover, these 300,000 are just a small percentage of the stolen information posted publically by hackers. It’s impossible to make a precise estimate of how many user accounts were really compromised, but I think we can speak about several hundreds of millions at least. People finally need to understand that the Internet is very hostile place, while online service providers need to finally start taking network security seriously."

Effectively, the hackers are using Pastebin as a means to advertise their hacks, and their capabilities, whilst still impacting thousands of computer users and firms around the world.

Some companies have become so worried about their private data appearing on Pastebin that they use search engine bots to automatically scour the site at regular intervals, hunting for confidential information which may relate to their business.

So what kind of information is being leaked on Pastebin?

As the following chart shows, the most common source for the leaked information published on Pastebin are email systems:

Main source of leakages posted on Pastebin

Source of Leakage Percentage from Total
Email Systems 40.9%
Miscellaneous / Mixed / Unknown 40.6%
Social Networks 13.1%
Online Games 2.8%
Online Payment Systems 1.5%
Online Shops 1.1%

Two webmail services rule the roost when it comes to the most likely leaked credentials: Gmail and Yahoo. Perhaps that's not surprising considering the popularity of the email services.

Most frequent compromised emails posted on Pastebin

Most Popular Domain Percentage from Total
gmail.com 25.1%
yahoo.com 22.0%
hotmail.com 7.6%
mail.ru 5.2%
Others 38.2%

By the way, in case you are wondering, social networking login credentials are often frequently posted on Pastebin by hackers. And there are no surprises at all which social network tops the chart.

Facebook accounts for a massive 92% of all compromised social network accounts listed on Pastebin, with Twitter taking up most of the remaining space with 7.8%.

For its part, Pastebin says that it receives a large volume of emails from users reporting abuse on its site, and does attempt to take "appropriate action" within 24 hours.

Of course, by then it's often too late.

You can learn more about High-Tech Bridge's examination of compromised accounts published on Pastebin, on the security firm's website.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

No comments yet.

Leave a Reply