A huge database of e-mail addresses and passwords from them is found in the public domain. This is reported by Australian security researcher Troy Hunt in his blog .
According to the expert, the text files with user data he found contained almost 42 million accounts in an unencrypted form. Documents were uploaded to the free anonymous hosting of kayo.moe.
Hunt noted that the address-password bindings he discovered are usually used in attacks called credential stuffing – hackers form lists with stolen user data from some sources, and then use them to hack accounts into other various online services. This method works if the victims use the same password everywhere.
The specialist stated that he could not find out where all this data was stolen. He also invited users to check on the site haveibeenpwned.com , whether their passwords were ever compromised by hackers. In addition, Hunt advised using different passwords for each online service.
Earlier, experts in the field of cybersecurity said that the most dangerous botnets Mirai and Gafgyt have updated tools to attack large corporate networks. The creators added new codes for exploits of old vulnerabilities.