42 Million Emails and Passwords Exposed on Kayo.Moe hosting
Hackers leaked a database of around 42 million Emails, passwords, credit card & Spotify details to Kayo.moe, a free file hosting website service.
Security Researcher Troy Hunt was informed about an enormous data leak with around 42 million clients influenced. A database containing usernames and passwords of 41,826,763 clients was saved in plain-text file format. A portion of the sections additionally contained bank account credit card details.
The data leak has been recorded on the famous website Have I Been Pwned (HIBP). If you need to check that you have been influenced by this data breach then you can make a request to this site and just put in your email to get a report. It is likely that the clients who had their passwords breached have been influenced because of qualification stuffing. Numerous web clients frequently utilize the same username and passwords on various sites for comfort, which makes it simple for aggressors to misuse different records in the meantime.
Troy Hunt, security analysts stated – “When I pulled the email addresses out of the file, I found almost 42M unique values. I took a sample set and found about 89% of them were already in HIBP which meant there was a significant amount of data I’ve never seen before. (Later, after loading the entire data set, that figure went up to 93%.).”
New breach: The operator of the anonymous file sharing service kayo[.]moe identified a collection of 42M email addresses and passwords used for credential stuffing. 93% of the email addresses were already in @haveibeenpwned. Read more: https://t.co/EN4IIsqKe3
— Have I Been Pwned (@haveibeenpwned) September 13, 2018
Weekly update is up! I'm on a boat with @Scott_Helme and we're talking about .NET Conf, Chrome visual changes, the FreshMenu breach, CSP filtering, public shaming, the Kayo[.]moe Credential Stuffing List and securing JS dependencies https://t.co/ExYUUIGCgx
— Troy Hunt (@troyhunt) September 15, 2018
Troy Hunt uncovered that more than 91% of the usernames and passwords were at that point recorded on his site. The filenames and the database of passwords don’t point towards a specific source as per the security analyst.
To protect yourself against these kinds of attacks, it is prescribed not to reuse passwords over numerous sites as a data leak can make various records get misused. Cybercriminals regularly exchange usernames and passwords on the dark web, which can be extremely perilous for clients who use delicate individual information. Clients should use 2-factor Authentication (2-FA) to protect their account from these kinds of attacks.