I understand at an elementary level how data breaches tend to be distributed, starting with friends of the attacker/discoverer and then being distributed via forums, paste bins, etc. However, I was wondering whether there is a common location/forum/method where this occurs.

I am not looking for data breach lists myself, but I feel that, as a security person, knowing how to obtain one would be useful for improved threat modelling and consulting, instead of defaulting to the generic "They are sold on the dark web!" statement.

Rivesticles

2 Answers

I don’t know where to look.

How they are sourced - usually they are put up for sale. Eventually someone leaks them and their value goes to zero. So they ask for a high price and that alone makes noise on forums.

Once they are leaked, they are on forums, BitTorrent, and places like that.

The rest is more info on what an information security person needs from the lists.

I can tell you a couple resources and suggest a couple places to search and learn more.

Resources

NIST SP 800-63B tells us to stop changing passwords every 90 days and to forgo the complexity requirements, if you also make sure the password is not in a list of known compromised passwords (and a couple of other requirements that are out of scope).

So, you need to look at data breaches to make sure the pw is not compromised.

https://haveibeenpwned.com/ - you can check if a pw has been compromised here. Troy keeps a list and constantly updates it. You can also ask where he gets those lists.

https://support.google.com/accounts/answer/9457609?hl=en Google keeps a list you can check against.

Here are resources where you can learn more

Krebs on Security - in his journalism work he spends time on the dark web, and you may gather some clues reading his articles.

BitTorrent trackers and search engines.

Dark web (Tor) search engines.

In addition to this, there are services that scan the dark web looking for data you ask them to look for and alert you.

Jonathan
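
The compromised-password check mentioned in the answer above, as an added example that is not part of the original answer: it follows the k-anonymity range lookup used by the Pwned Passwords service (send the first five hex characters of the SHA-1 hash, match the remainder locally). The corpus, its counts, and all function names are constructed for illustration, and a local stand-in replaces the network call so the code runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a breach corpus: password -> times seen (made-up counts).
CONSTRUCTED_CORPUS = {"password": 3, "letmein": 2, "Summer2021!": 1}

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_server(corpus):
    """Return fetch(prefix) -> 'SUFFIX:COUNT' lines, the response shape of the
    Pwned Passwords range endpoint (api.pwnedpasswords.com/range/<prefix>)."""
    buckets = defaultdict(list)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        buckets[digest[:5]].append(f"{digest[5:]}:{count}")

    def fetch(prefix):
        fetch.seen.append(prefix)  # record everything the "server" learns
        return "\r\n".join(buckets.get(prefix, []))

    fetch.seen = []
    return fetch

def breach_count(password, fetch):
    """k-anonymity lookup: send 5 hex chars of the hash, match the rest locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

def screen_new_password(password, fetch):
    """Reject known-compromised values when a password is set or changed."""
    hits = breach_count(password, fetch)
    if hits:
        return False, f"appears in breach data ({hits} sightings)"
    return True, "not found in breach data"

if __name__ == "__main__":
    fetch = build_range_server(CONSTRUCTED_CORPUS)
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", screen_new_password(candidate, fetch))
    print("server saw only:", fetch.seen)
```

In production the `fetch` callable would be an HTTPS GET against the range endpoint; neither the password nor its full hash leaves the client.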

I know where to look, and I've been to the darknet forum myself. You need to use the Tor Browser because that forum will block all types of browsers. But I don't know if I should mention the name here in public, since that would encourage illegal activities.

As for the methods, they are using various methods. For example, they are using the LinkedIn API to scrape the data. Hackers can also be hired on some forums on the darknet, at least from what I've read on those forums. If you use darknet search engines via the Tor Browser, you can find some of the forums. You can also ask questions on hackforums.net if you are looking for further research.

If you are looking for data breach alerts, I find Restore Privacy to be one of the best. For example, in the recent LinkedIn data leak, the author outlines the details of how the hackers got the data. He also included screenshots of the forum, as well as the conversation with the hacker on Telegram. You can check it out here: https://restoreprivacy.com/linkedin-data-leak-700-million-users/

Shimizu.M