More than 300,000 User Credentials Posted on Pastebin Over the Last Year

Hackers have posted more than 300,000 user credentials on Pastebin in the last 12 months, with an average of 1,000 usernames and passwords per leak, according to High-Tech Bridge`s report.

The experiment by High-Tech Bridge revealed that the total amount of credentials was 311,095, after excluding data from fake hacks, duplicates and leaks affecting fewer than 100 users.

Image credit: High-Tech Bridge

“The problem is that a lot of sensitive information is stored in many different places thanks to the cloud and other new technologies,” High-Tech Bridge`s CEO, Ilia Kolochenko, said.

“Websites quite often have unlimited access to a central database, and it`s enough to find one SQL injection vulnerability that opens to the door to compromising the entire database, no matter how secure the database server itself is.”

The report discovered that even though not many accounts had “classic passwords” such as “12345” or “qwerty”, plain text passwords were prone to dictionary attack as they were too simple.

40 per cent of the credentials leaked were from email systems. Another 40 per cent were from different online services and 13.1 per cent were from social networks, with Facebook accounting for 92 per cent.

Online games, payment systems and e-stores rated second in the report with 2.8 per cent, 1.5 per cent and 1.1 per cent of leaked credentials.

Image credit: High-Tech Bridge

The figures show that Gmail had the highest rate of leaked email accounts, at 25 per cent, followed by Yahoo with a 22 per cent rate.

The report`s conclusion, after compromised data analysis, is that the two main sources for Pastebin leaks are Trojans that compromised user machines and vulnerable web applications.