Data loss detection tool mines the ephemeral world of 'pastes'

Thousands of email addresses are leaked every day on Pastebin unknown to most users

A new feature in an online tool that searches for compromised data now indexes email addresses that appear on websites where users "paste" data, such as Pastebin.

A new feature in an online tool that searches for compromised data now indexes email addresses that appear on websites where users "paste" data, such as Pastebin.

It's not easy to figure out if your data has been collected by hackers, but an online tool has been expanded to hunt through one of the most prolific sources of leaked data, known as "pastes."

The most well-known paste website, Pastebin, has long been used as a public yet relatively anonymous way for attention seekers to showcase data they've collected through intrusions.

Similar sites, including Pastie and Slexy, publish pastes that contain more than 19,000 email addresses per day. Often passwords are also published with those email addresses, putting people at risk.

Sydney-based software architect Troy Hunt last year launched "Have I Been Pwned," (HIBP) a website where people could see if their usernames and email addresses had turned up in caches of data from massive breaches that affected companies such as Adobe Systems, Stratfor and Sony.

He's now added a capability to quickly input email addresses that pop up in pastes into his database, giving his subscribers quick alerts just minutes after their data is published.

"A lot of the big breaches we've seen have had partial dumps on Pastebin," Hunt said in a phone interview Tuesday.

The latest feature in Hunt's service uses a Twitter feed "@dumpmon," short for Dump Monitor, which is a project by Jordan Wright. Dump Monitor is a bot that monitors posts on Pastebin and other sites for email addresses, hashes and APIs that may indicate a data breach.

Dump Monitor then regularly tweets links to those pastes. Hunt uses Dump Monitor's feed, collecting the email addresses from the pastes and storing them in its breach database. That process of collecting the email address and putting them into HIBP's database takes a little over 30 seconds.

Users can sign up for alerts that are sent when their email address shows up in a paste. It means that within a few minutes, someone could know when their data appears on the Web, allowing them to take quick action, such as changing their password.

Pastes are notoriously ephemeral. Pastebin forbids the publishing of personal data in its terms and conditions, and pastes may be removed. HIBP pulls the email addresses from the pastes, but does not store the actual paste, according to a writeup on Hunt's blog.

The reason, Hunt said, is that many of the pastes contain sensitive information such as passwords, which he doesn't want to store for obvious reasons. That decision may make it harder for people to take action, but mitigates the risk that comes with storing large batches of live credentials, he said.

Best of all, Hunt's service is free unlike those offered by several companies that specialize in monitoring underground forums for stolen data. HIBP may not have the comprehensive scope of those services, but it does allow consumers to not have to rely on companies they've interacted with to notify them of a breach.

Join the CSO newsletter!

Error: Please check your email address.

Tags PastieSlexysecurityPastebin

More about Adobe SystemsSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts