Is your account safe? A way to hack public password breach.

Jeremyah Joel
4 min read · Apr 10, 2020

Hi

Hiiiiii Everyone!!!

It's been a while since my last hacking-related post. I know you guys miss me :) So here you go.

In this post, I will write a story about data breaches, how unaware people are, and how dangerous that might be.

Data Breach

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak, information leakage and also data spill. — Wikipedia

In 2019, the total number of breaches was up 33% over the previous year, according to research from Risk Based Security, with medical services, retailers, and public entities most affected. That's a whopping 5,183 data breaches for 7.9 billion exposed records.

So how do you check if your account is safe? After reading and reading, trying to find information about how this data breach might affect me, or you, I've found two websites that would help:

https://haveibeenpwned.com

After giving it a try, one of my email accounts is exposed in 4 different places.

Result from haveibeenpwned.com

The next question is: is this password saved in plain text? Most people use the same password for all their accounts on different sites, so if one of those sites saved it in plain text, you've pretty much lost your master key, which might lead attackers to your primary mail :)

Password Security Report: 83% of Users Surveyed Use the Same Password for Multiple Sites. It’s estimated that people will have to manage as many as 300 billion passwords by the year 2020. That’s 40 passwords for every man, woman, and child on the planet. — Cylonis.com

Dark Web Time!

I think there must be a way I can access those leaked databases somehow, somewhere... The logic is that Avast and haveibeenpwned.com either have a full leak database or somehow have access to a database provided by a third party.

After doing some research, watching YouTube videos, and reading Medium posts, I found one interesting website located on the Tor network, with a .onion ending, that stored almost all the leaked databases!

*Warning: Do not try this if you don't know what you're doing*

It can go sideways, and you need to set up your VPN, proxy, Tor Browser, or anything else you might need to protect yourself. Please keep in mind this is for educational purposes only.

I used a new OS installed in my VM and removed it immediately. After getting all my preps ready, I started looking for the site.

What the fuck? Did you get my plaintext password?

Ummmm, it was shocking that this site stored my plaintext master password, which I usually use as the password for all my accounts.

Not stopping here, I decided to export all my Gmail contacts and code automation scripts. The result was shocking for me! I found creds for almost 35% of all my contacts (mostly outdated), including 2 of my exes lul (I had already informed them before this post was published).

This is very interesting, but posting this as a story is risky too, since most people might get too curious or excited and go diving into the dark web. After consulting with my prof, he told me that it might be best if I could make a safe proxy server to mirror the content so everyone can access it right away.

You can too! And it's 100% safe

So I decided to make a safe mirroring server. I've been dealing with Python and PHP for so many, many, many, many hours to ensure the connection is secured for everyone. I want to develop this so everyone can check if their password is exposed without taking the risk of diving too deep into the darknet.

How my gateway works

You can access it here:

(Removed due to user request)

*P.S.: I've limited the number of requests that each person can make to minimize the chance of misuse.

Stay safe, everyone!!

Jeremyah Joel

Product Security at Ministry of Education, Culture, Research, and Technology of Indonesia