A data leak differs from a data breach in that the former usually happens through omission or faulty practices rather than overt action, and may be so slight that it is never detected. While a data breach usually means that sensitive data has been harvested by someone who should not have accessed it, a data leak is a situation where such sensitive information might have been inadvertently exposed. pwndb is an onion service where leaked accounts are searchable using a simple form.
After a breach occurs the data obtained is often put on sale. Sometimes, people try to blackmail the affected company, asking for money in exchange of not posting the data online. The second option is selling the data to a competitor, a rival or even an enemy. This data is used in so many different ways by companies and countries… but when the people responsible for obtaining the data fail on selling it, the bundle becomes worthless and they end up being placed in some sites like pastebin or pwndb.
The easiest way is to search for leaked credentials, is accessing the Onion service using the url: http://pwndb2am4tzkvold.onion/ and then type the username and/or the domain name and click on the button with the label:
I love using the Terminal because it’s faster, also I want to have more flexibility; so, I decided to create a command-line tool. I’m using the same settings of Tor Browser to use Tor as a SOCKS5 proxy, so we need to have Tor Browser running or just change the IP and Port:
def create_connection(address, timeout=None, source_address=None): sock = socks.socksocket() sock.connect(address) return sock socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9150) socket.socket = socks.socksocket socket.create_connection = create_connection import urllib2
Follow these steps:
$ git clone https://github.com/davidtavarez/pwndb Cloning into 'pwndb'... remote: Enumerating objects: 10, done. remote: Counting objects: 100% (10/10), done. remote: Compressing objects: 100% (9/9), done. remote: Total 10 (delta 2), reused 4 (delta 0), pack-reused 0 Unpacking objects: 100% (10/10), done. $ virtualenv venv New python executable in /Users/davidtavarez/pwndb/venv/bin/python Installing setuptools, pip, wheel...done. $ source venv/bin/activate (venv) $ pip install -r requirements.txt Collecting PySocks==1.6.8 (from -r requirements.txt (line 1)) Installing collected packages: PySocks Successfully installed PySocks-1.6.8 (venv) $ python pwndb.py -h _ _ | | | _ ____ ___ __ __| | |__ | '_ \ \ /\ / / '_ \ / _` | '_ \ | |_) \ V V /| | | | (_| | |_) | | .__/ \_/\_/ |_| |_|\__,_|_.__/ | | |_| pwndb.py -u <username> -d <domain> (venv) $ python pwndb.py -u zzzz -d gmail.com _ _ | | | _ ____ ___ __ __| | |__ | '_ \ \ /\ / / '_ \ / _` | '_ \ | |_) \ V V /| | | | (_| | |_) | | .__/ \_/\_/ |_| |_|\__,_|_.__/ | | |_| Searching... ZZZZ@gmail.com : 0987654321 ZZZZ@gmail.com : ronaldo ZZZz@gmail.com : 123987 email@example.com : 01011991 firstname.lastname@example.org : 1221 email@example.com : 123987 firstname.lastname@example.org : 1455881 email@example.com : 26262626 firstname.lastname@example.org : 711041 email@example.com : 850505 firstname.lastname@example.org : aaaa email@example.com : asdfgh firstname.lastname@example.org : aser234 email@example.com : bb102102 .... (venv) $
We have 2 arguments:
-u for the username and
-d for the domain. Note: I’m using
% as a wildcard character at the end of each argument in order to get more results.
Also you can go to https://haveibeenpwned.com/ to see more information:
REMEMBER: If your password was leaked, change it. Anyhow try to not have the same password in all your services and change those credentials frequently.