A security researcher has found a dump of over 441,000 unique records containing sensitive data of RedLine victims. Because the hacker behind it left the database exposed, the researcher has now shared the data with Have I Been Pwned.
This lets users check, by entering an email address, whether their data was compromised. RedLine is information-stealing malware that steals data stored in the browser. The data in the dump is said to have been collected in August and September of this year.
New Addition to Have I Been Pwned
In the past, we have seen companies and institutions leave their cloud databases exposed through improper configuration, but a skilled hacker doing the same is unusual.
Now we have one such instance, spotted by Bob Diachenko, a security researcher. Last week he found an exposed database containing over 6 million records, all relating to RedLine malware. While the owner of the database is unknown, the dump was found to contain sensitive data of RedLine victims.
Redline Stealer malware logs with more than 6M records were exposed online, publicly (now taken down). Internationally sourced data, exfiltrated in Sept and Aug 2021. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020. pic.twitter.com/kv9MNL8hAE
— Bob Diachenko (@MayhemDayOne) December 25, 2021
RedLine is information-stealing malware that preys on browsers, stealing cookies, credentials, credit card numbers, autofill data, and even cryptocurrency wallets. It is also capable of stealing credentials stored in VPN clients and FTP clients, and it can act as a backdoor through which the attackers inject more malware.
After verification, the dump was found to contain email addresses repeated across multiple records. After filtering out the duplicates, the researcher counted about 441,657 unique records. These have now been shared with Troy Hunt's Have I Been Pwned so that people worldwide can check whether their email address appears in the data.
The data is said to have been collected between August and September of this year and to have been exposed ever since. The researcher suggests the database may have been abandoned, as no new records were added to it after that period. Affected people should change the passwords on all of their linked online accounts, not only the one that was specifically compromised.