Researchers at GDI Foundation recently took a look at sites where you can find or buy records with users’ login credentials. The researchers validated the accuracy of some the records by contacting individuals whose details they found on some sites.
The risk of such sites is obvious — criminals can cheaply buy data that they can use for all kinds of attacks. In some cases, the passwords in the database are working passwords because the users never knew that they had been compromised or they reused them across sites.
GDI’s researchers, led by Sanyam J., looked at four sites that they describe and discuss in their report: Weleakinfo[.]to, Breachdirectory[.]tk, Ghostproject[.]fr, and Hackinstatgxl3zk[.]onion
CAUTION: With respect to the breachdirectory.tk site, the researchers note:
as of today, whoever visits this website, please be careful the website is malicious and leads to several redirects and open unwanted tabs, and hangs your system.
Why did the researchers do all this research? Sanyam explains:
The issue is even after the weleakinfo seize and other websites of similar type which are seized, hackers are making more copies of such websites and we don’t care about it until this data is put on sale on some hacker forum on the dark web and that is when one attention goes. I want to bring all the people as well as law enforcement authorities’ attention regarding such websites so that rapid actions are taken on such websites.
You can read Sanyam’s report on Medium.
I have no doubt that law enforcement already knows about all these sites. And I’m not sure what we, the public, can do even if we “care harder.” But he’s right in that this situation puts people at more risk and something needs to be done — or tried.
In the meantime, remember that just because you may not find your email address or password on a site like HaveIBeenPwned, it doesn’t mean your credentials aren’t up for sale and available on any of a number of sites or “combo lists” that circulate on forums.