
The extensive data set known as "ALIEN TXTBASE" has been added to the Have I Been Pwned (HIBP) platform, a service that notifies users of data breaches.
This integration, as noted by HIBP's founder, involves data extracted from devices compromised by infostealer malware. The data set includes 1.5 terabytes of stolen credentials, comprising 23 billion entries.
Data Analysis and Impact
Upon analysis, the data reveals 493 million unique email and website combinations, affecting 284 million distinct email addresses. Additionally, 244 million new passwords have been added to the Pwned Passwords database, with frequency updates for 199 million existing entries.
Enhanced Data Access with New APIs
HIBP has launched new APIs to improve data access for organizations. These APIs allow for querying stealer logs by email and domain, helping assess exposure and identify compromised credentials. Available through a Pwned 5 subscription, these tools include an API for email searches and a free web UI for viewing email logs. A new "IsStealerLog" flag aids in handling stealer log data separately.
Origin and Distribution of ALIEN TXTBASE
The ALIEN TXTBASE data originated from a Telegram channel distributing stolen credentials, discovered after a government alert. The channel offers free samples and sells subscriptions for access to new data, typically gathered via malware infections.
Challenges in Data Verification
Unlike single-source breaches, ALIEN TXTBASE involves multiple sites, complicating authenticity verification. Standard methods like password resets are hindered by geo-fencing, but HIBP uses VPNs and subscriber feedback for validation. Although the data set is legitimate, it may contain fake entries, which makes it hard to distinguish valid records from invalid ones.
Accessing and Utilizing the Data
The ALIEN TXTBASE logs are now accessible through HIBP's search methods and new domain-based APIs. This empowers users to identify compromised credentials and take protective measures. The free web UI for viewing stealer log results by email remains available, requiring users to verify their email on the notification page.
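The following is an added example, not HIBP's code and not part of the original article, showing how an organisation might act on the "IsStealerLog" flag and on domain-level stealer log results. The JSON samples are constructed, the alias-to-websites response shape is an assumption, and the function names are hypothetical.

```python
import json

# Constructed sample: breach records for one account. Only the "Name" and
# "IsStealerLog" fields are used; names and values are made up.
BREACHES = json.loads("""[
  {"Name": "ExampleForum", "IsStealerLog": false},
  {"Name": "ExampleStealerLogs", "IsStealerLog": true}
]""")

# Constructed sample, assumed shape: mailbox alias -> websites whose logins
# were captured on an infected device.
BY_ALIAS = json.loads("""{
  "alice": ["vpn.corp.example", "shop.example.net"],
  "bob": ["shop.example.net"],
  "carol": ["sso.corp.example", "mail.corp.example", "notcorp.example"]
}""")

def split_breaches(breaches):
    """Separate stealer-log entries from single-site breaches."""
    stealer = [b["Name"] for b in breaches if b.get("IsStealerLog")]
    site = [b["Name"] for b in breaches if not b.get("IsStealerLog")]
    return stealer, site

def in_scope(host, org_domains):
    """True if host equals an organisation domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in org_domains)

def triage(email_domain, by_alias, org_domains):
    """Rank mailboxes, most captured logins to the organisation's own sites first."""
    rows = []
    for alias, sites in by_alias.items():
        internal = sorted(s for s in sites if in_scope(s, org_domains))
        rows.append((f"{alias}@{email_domain}", internal, len(sites)))
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

if __name__ == "__main__":
    print(split_breaches(BREACHES))
    for email, internal, total in triage("corp.example", BY_ALIAS, ["corp.example"]):
        print(email, internal, total)
```

A stealer-log hit points to an infected device rather than a breached site, so mailboxes at the top of the ranking warrant a device check and rotation of every credential used on it, not only a password reset at one site.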