
Are your credentials present in the stolen Naz.API dataset?

Writer:
Regina El Ahmadieh

Have I Been Pwned has added nearly 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service.

The Naz.API dataset is a collection of one billion credentials compiled from credential stuffing lists and data stolen by information-stealing malware.

Credential stuffing lists are collections of login name and password pairs stolen in previous data breaches that are used to hack accounts on other sites.

Information-stealing malware, for its part, steals data from an infected computer, including credentials saved in browsers, VPN clients, and FTP clients. This type of software also attempts to steal SSH keys, credit cards, cookies, browsing history, and cryptocurrency wallets.

The stolen data is collected in text files and images that are stored in archives called “logs.” These logs are then uploaded to a remote server to be collected later by the attacker.

Regardless of how credentials are stolen, they are then used to break into the accounts they belong to, sold to other threat actors on cybercrime marketplaces, or given away for free on hacker forums to build a good reputation within the hacking community.

Naz.API dataset

Naz.API is a dataset that allegedly contains over a billion lines of stolen credentials compiled from credential stuffing lists and from the logs of information-stealing malware. It should be noted that although the name of the Naz.API dataset includes the word “Naz”, it is not associated with network attached storage (NAS) devices.

The dataset has been circulating in the data breach community for a long time, but it became famous after it was used to power an open source intelligence (OSINT) platform called illicit.services.

This service allows visitors to search a database of stolen information, including names, phone numbers, email addresses, and other personal data.

The service was shut down in July 2023 due to concerns that it was being used for doxxing and SIM swapping attacks. However, the service was turned back on in September.

Illicit.services uses data from various sources, but one of its largest sources was the Naz.API dataset, which was shared privately among a small number of people.

Each line in the Naz.API data consists of a login URL, its login name, and the associated password stolen from the person’s device.

Added Naz.API to HIBP

Troy Hunt, the creator of the Have I Been Pwned app, announced that he added the Naz.API dataset to his data breach notification service after he obtained it from a well-known technology company. “Here’s the back story: I was contacted this week by a well-known tech company that received a bug bounty offer based on a credential stuffing list posted on a popular hacking forum,” according to Hunt’s post.

According to Hunt, the Naz.API dataset consists of 319 files with a total size of 104 GB and contains 70,840,771 unique email addresses. He added that the Naz.API data is likely old, because it contains passwords that he and other HIBP subscribers used in the past. Hunt says his password “was used in 2011, which means some of the data is more than 13 years old.”

To check if your credentials are in the Naz.API dataset, you can perform a search on Have I Been Pwned. If your email turns out to be linked to Naz.API, the site will warn you, indicating that your computer was infected with information-stealing malware at some point.

Unfortunately, even if HIBP warns you that your email is in Naz.API, it won’t tell you which specific website credentials were stolen.
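The search described above is by email address. A complementary check for an individual password is HIBP's Pwned Passwords range API, which uses k-anonymity so that only the first five characters of the password's SHA-1 hash leave your machine. The sketch below is an added example, not code from the article or from HIBP; the sample response body and its counts are constructed, and the User-Agent string is a placeholder.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(suffix: str, body: str) -> int:
    """Find a suffix in a range response made of 'SUFFIX:COUNT' lines."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            # Padded responses include decoy entries whose count is 0.
            return int(count) if count.isdigit() else 0
    return 0

def fetch_range(prefix: str) -> str:
    """Download every known suffix for a prefix; the full hash is never sent."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def times_seen(password: str) -> int:
    """Live lookup: how many times the password appears in Pwned Passwords."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch_range(prefix))

# Constructed sample response (counts are made up): one hit for the demo
# password "password" and one padding decoy with a count of 0.
SAMPLE_BODY = "\r\n".join([
    split_hash("password")[1] + ":42",
    "0" * 35 + ":0",
])

def check_offline_demo() -> dict[str, int]:
    """Run the suffix lookup against the constructed body, with no network."""
    demo = ("password", "constructed-unseen-passphrase-91")
    return {pw: count_in_range(split_hash(pw)[1], SAMPLE_BODY) for pw in demo}

if __name__ == "__main__":
    print(check_offline_demo())
```

Any count above zero means the password has appeared in a breach corpus and should be retired everywhere it was used.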

Since this dataset is partly linked to information-stealing malware, it is recommended to change the passwords for all your saved accounts.

This includes passwords for corporate VPNs, email accounts, bank accounts, and any other personal accounts.

Furthermore, because information stealers also try to steal cryptocurrency wallets, you should immediately transfer any cryptocurrency you own to another wallet.
