How the Pwnedlist Got Pwned

  • 2 May 2016

A good point made by Brian Krebs: if a site stores lists of all those individuals who are involved in a serious breach, then that site is in itself a prime target. Although I suppose the details may have in large part become void as victims change their details, some information will still be valid; a good job the problem has been fixed before anything did happen.
 
2nd May 2016
 
Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them and then providing free access to one of the Internet’s largest collections of compromised credentials.
 
http://krebsonsecurity.com/wp-content/uploads/2016/05/Pwndlist-580x631.png
 
Pwnedlist is run by Scottsdale, Ariz. based InfoArmor, and is marketed as a repository of usernames and passwords that have been publicly leaked online for any period of time at Pastebin, online chat channels and other free data dump sites.
 
 

1 reply

Agreed, Jasper...but given that the lists are already in the public domain...and being further reported via the Pwnedlist, I don't think that there is very much additional damage and to be honest I don't understand what anyone would gain from this breach.
