Security News > 2021 > February > Billions of Passwords Offered for $2 in Cyber-Underground

"Some users claimed that files were corrupted, files were missing, the total number of credentials was smaller than advertised, and the data was of low quality," he explained - all of which led to Singularity0x01 gaining a negative reputation rating on the criminal forum.

Dustin Warren, senior security researcher at SpyCloud, also took a look at the data and determined that the login combos have been in Dark Web circulation for some time.

"The data appears to be full of account credentials that had been part of previously known breaches. In fact, this one appears to be a re-release of the Collection Combos leak from 2019, the Anti Public Combo list from 2016 and potentially others, but released with some tools for deduping, sorting and parsing of the data to make it easier to use. In other words, there is nothing new here."

Thanks to password reuse, hackers can use the data to mount brute-force or credential-stuffing attacks in an effort to hijack any number of types of accounts.

"It is an important reminder that old passwords can come back to haunt users who reuse them across accounts, which is why even old data can be useful to criminals," Warren said.

"Threat actors are no doubt running credential-stuffing attacks with this data so any accounts using the same logins and passwords could still be in jeopardy."

News URL

https://threatpost.com/billions-passwords-cyber-underground/163738/