Data Breaches and You

What can be done with data breaches? People can just change their password, and the breach becomes useless, right? Is there really any concern? First off, not every data breach contains credentials. Some, like the Experian hack, contain personally identifiable information (commonly referred to as PII). These types of data…

Pre-computed Hash Table, v. 1.0

Torrent file => 600 Million Passwords – Pre-computed Hash Table This is a list of 600 Million unique plain-text passwords collected from about 100 of the largest database dumps from about a decade ending in the summer of 2018.  I then generated NTLM, sha1, sha256, MySQL, and MD5 hashes from…

And more data

As you may know, I’ve been working on collecting the biggest leaked databases that I can find.  Well, I stumbled upon one called “Collection #1 Leaked.”  Finding the torrent, I put it into the client and began downloading it.  When it was done, the archive was about 36GB.  Unzipped, it…

Password Database Update

I’ve been doing some other things for the past year or so, but I think I’m ready to pick this back up.  I have downloaded and imported all database dumps of which I am aware that have 1M or more compromised accounts in them, most of them from the past…

Password Database Progress

Over the past few months, I’ve been collecting databases of hacked accounts.  I’ve already gone into some depth as to why (password audits), so I won’t go over that here.  But it’s been interesting carefully working through how to pull out the truly unique passwords.  At first, I assumed that…

Solution to DISTINCT Case Problem

First off, take a look at my post from yesterday.  I was given to understand that DISTINCT is not case-sensitive.  The issue at hand actually has less to do with DISTINCT itself, and more to do with the character set and collation that are used when comparing strings.  The best…

More and More Data

Man, this server screams.  I’ve been able to do in a week on the new server what it took two months to do on the old one.  In the old server, I had about 1.7 Billion records.  I’ve moved those over to the new server.  Additionally, I have acquired and…

Lots of Data Dumps – Server Finally Finished

Wow, there have been a lot of breaches.  I’ve been processing data from the Breach Compilation database.  As I’ve been doing that, I have also been finding, researching, and downloading others.  320 Million here, 100 Million there.  So far, I have 56 databases to work with.  Who knows how many…

BreachCompilation Analysis

Database dumps containing user credentials are not a new thing.  One of the more recent contains 1.4 Billion email addresses and passwords.  This database is referred to as “BreachCompilation.”  More information about this database can be found at the end of this post.  A few weeks ago, I started to wonder…