May 192019
 

The Canadian Press reports:

The RCMP says a Canadian-based company that peddled an illicit trove of 1.5 billion user names and associated passwords has pleaded guilty to criminal charges.

In a news release, the Mounties say Defiant Tech Inc. admitted in court Friday to trafficking in identity information and possession of property obtained by crime a year after charges were laid in the probe.

The investigation began three years ago, when the RCMP learned the website LeakedSource was being hosted on servers in Quebec.

Read more on CTV.

Jan 262017
 

Zack Whittaker reports:

LeakedSource, a for-profit breach notification site that helped break the news of some of last year’s largest data breaches, has apparently been raided by law enforcement.

News of the raid, which can’t be confirmed at the time of writing, first broke on Thursday through a note posted on a vritual markets forum earlier in the day.

LeakedSource’s website appears to have been pulled offline.

Read more on ZDNet.

Sep 012016
 

Here’s yet another hack from 2012 where the data are now first circulating online. See previous coverage of the Last.fm hack here.

Today LeakedSource announced that they had added the Last.fm data to their repository:

Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by [email protected] and Last.fm already knows about the breach but the data is just becoming public now like all the others.

Each record contains a username, email address, password, join date, and some other internal data. We verified the legitimacy of this data set with Softpedia reporter Catalin C who was in the breach himself along with his colleagues.

[…]

Passwords were stored using unsalted MD5 hashing. This algorithm is so insecure it took us two hours to crack and convert over 96% of them to visible passwords, a sizeable increase from prior mega breaches made possible because we have significantly invested in our password cracking capabilities for the benefit of our users.

For additional analyses of passwords and emails, see LeakedSource.com. You can also go to their home page to search to see if your information was caught up in any incident they’ve archived.

Aug 162016
 

From LeakedSource.com:

Socialblade.com was hacked in August of 2016. Their main website contains 273,086 users while their forums contains only 13,009. Each record contains an email address, ip address, username, user identifier, and one password.

Additionally, data we haven’t imported includes authentication tokens for YouTube, Instagram and Twitter for thousands of users as well as some statistics on large subscriber bases.

Anyone may use any information on this page for free provided LeakedSource is given credit and a direct link back.

You may search for yourself in the leaked SocialBlade database by visiting our homepage. If your personal information appears in our copy of this database, or in any other leaked database that we possess, you may remove yourself for free.

Read more on LeakedSource, where you will not be surprised to learn that the most common password in the data was 123456, but you’ll also see some interesting data analyses related to the recent Leafyishere sub botting controversy.

Jun 082016
 

From LeakedSource:

Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This data set was provided to us by a user who goes by the alias “[email protected]”, and has given us permission to name them in this blog.

[…]

You may search for yourself in the leaked Twitter.com credentials by visiting our homepage. If your personal information appears in our copy of the Twitter credentials, or in any other leaked database that we possess, you may remove yourself for free

[…]

This data set contains 32,888,300 records. Each record may contain an email address, a username, sometimes a second email and a visible password. We have very strong evidence that Twitter was not hacked, rather the consumer was. These credentials however are real and valid. Out of 15 users we asked, all 15 verified their passwords.

The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter.

You can search for your info on LeakedSource’s home page, here. Read more on LeakedSource’s blog post about Twitter, here.