High-Tech Bridge has conducted an interesting experiment

Feb 18, 2014 20:06 GMT

Many hackers have stopped using Pastebin to publish information stolen from targeted websites because the service deletes sensitive data in a fairly short amount of time. However, there are still many that utilize it.

An experiment carried out by High-Tech Bridge shows that, in the last 12 months, over 300,000 account credentials were published on the website.

It’s worth noting that only leaks affecting over 100 users have been taken into consideration. Data from fake hacks and duplicates have been excluded.

According to experts, each leak contained, on average, 1,000 user credentials. Half of the passwords published on the website had been encrypted.

“Analyzing compromised records, we can conclude that there are two main sources of information leaks posted on Pastebin: insecure web applications and compromised user machines with installed Trojans,” said Ilia Kolochenko, High-Tech Bridge CEO.

“Attacks against web applications and end-users remain one of the easiest to conduct. The problem is that a lot of sensitive information is stored in many different places thanks to the cloud and other new technologies,” he added.

“Websites quite often have unlimited access to a central database, and it’s enough to find one SQL injection vulnerability that opens the door to compromising the entire database, no matter how secure the database server itself is.”

The figures show that just over 40% of credentials posted on Pastebin are for email systems, and another 40% are for various online services. 13.1% are for social networking websites, 2.8% for online games, 1.5% for online payment systems, and 1.1% for e-stores.

Most of the compromised email account credentials are for Gmail (25%), followed by Yahoo (22%), Hotmail (7%) and Mail.ru (5%).

Additional details on this experiment are available on High-Tech Bridge’s website.