Data hoarding site represents the dark side of data breach monitoring

Data hoarding site represents the dark side of data breach monitoring

Data hoarding site represents the dark side of data breach monitoring

A site that's been warning the public about data breaches might actually be doing more harm than good.

Enter LeakedSource, a giant repository online that can potentially make hacking easier. Your email address and the associated Internet accounts -- including the passwords -- is probably in it.

In fact, the giant repository is made up of stolen databases taken from LinkedIn, Myspace, Dropbox, and thousands of other sites. It bills itself as a data breach monitoring site and for months now, it's been collecting details on hacks, both old and new, and alerting the media about them.

But the repository also features something that might be illegal: a search function that can look up all the stolen information. It’s also why LeakedSource is probably becoming a tool for novice hackers.

For US$2 a day, a subscriber at LeakedSource can enter an email address or username and find details on what internet accounts it was used to registered with. Not only that, LeakedSource will crack the associated passwords when it can.

Read Also:
Why Data Breaches Don’t Hurt Stock Prices

The search function has made it popular on HackForums.net, what one Reddit user described as a breeding ground for script kiddies. A number of threads at the forum mention how LeakedSource can be used for hacking.

One user, for instance, is offering an ebook for $8 on that very topic. Others are offering advice on how to use LeakedSource as a way to hack a social media account or to dox someone and dump the person’s files online.

“Ever wanted to be an elite hacker and show off?” wrote one user. “Here’s a small tutorial on how to break into a Youtuber’s account using a database looking up tool called: LeakedSource.”

On Monday, LeakedSource declined to answer questions about the legality of the site. The operators behind the service remain anonymous, but they say they don't condone any hacking.

However, as far back as October 2015, LeakedSource appears to have begun promoting itself on HackForums.net. When asked about this over email, LeakedSource didn't directly respond.

Read Also:
How to tap into data with predictive analytics

Instead, the site's operators claim that all the information they store and index is already available on the internet.

"Before people start pointing fingers at us, anyone is free to download well over a billion records from the clear web," LeakedSource said in an email that included links to stolen databases taken from Myspace and LinkedIn.

The site has also said it's not responsible for any data breaches. It merely collects the stolen databases, often by searching through the Dark Web, or by receiving them from anonymous hackers, LeakedSource has said.

"Many of (the hackers) like what we do, some want to draw publicity to themselves and others don't want their 'enemies' to be able to profit off selling data," it said in an earlier email.

 



Data Science Congress 2017

5
Jun
2017
Data Science Congress 2017

20% off with code 7wdata_DSC2017

Read Also:
How to Determine the Right Agile Development Methodology
Read Also:
How to budget for a GDPR project

AI Paris

6
Jun
2017
AI Paris

20% off with code AIP17-7WDATA-20

Read Also:
Krebs’s Immutable Truths About Data Breaches — Krebs on Security

Chief Data Officer Summit San Francisco

7
Jun
2017
Chief Data Officer Summit San Francisco

$200 off with code DATA200

Read Also:
How to Determine the Right Agile Development Methodology

Customer Analytics Innovation Summit Chicago

7
Jun
2017
Customer Analytics Innovation Summit Chicago

$200 off with code DATA200

Read Also:
How to Determine the Right Agile Development Methodology

Big Data and Analytics Marketing Summit London

12
Jun
2017
Big Data and Analytics Marketing Summit London

$200 off with code DATA200

Read Also:
Modular data center startup gets funding

Leave a Reply

Your email address will not be published. Required fields are marked *