No, the 16 billion credentials leak is not a new data breach

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and obtained via credential stuffing attacks.

To be clear, this is not a new data breach, or a breach at all, and the websites involved were not recently compromised to steal these credentials.

Instead, these stolen credentials were likely circulating for some time, if not for years. They were then collected by a cybersecurity firm, researchers, or threat actors and repackaged into a database that was exposed on the Internet.

Cybernews, which discovered the briefly exposed compilation, stated it was stored in a format commonly associated with infostealer malware, though they did not share samples.

An infostealer is malware that attempts to steal credentials, cryptocurrency wallets, and other data from an infected device. Over the years, infostealers have become a massive problem, leading to breaches worldwide.

These types of malware impact both Windows and Macs, and when executed, will gather all the credentials they can find stored on a device and save them in what is called a "log."

An infostealer log is generally an archive containing numerous text files and other stolen data. The text files contain lists of credentials stolen from browsers, files, and other applications.

Example infostealer log

Source: BleepingComputer

Stolen credentials are usually saved one per line in the following format:

... continue reading