Security researcher Troy Hunt has added leaked usernames and passwords from rap mixtape website DatPiff to Have I been Pwned. In November, data from nearly 7.5 million members appeared on a hacker forum.
That Hunt writes on Twitter. It’s not clear exactly when the data breach occurred, but the passwords and usernames of nearly 7.5 million DatPiff members appeared on various hacking forums over the course of 2020 and 2021 and went on sale in closed loop. In addition to passwords and usernames, the database also contains email addresses and answers to security questions.
Hunt has now added the data to Have I been Pwned so users can see if their data has been leaked. 81 percent of the data was already housed in HIBP. This is plaintext data that was originally hashed with MD5. That’s an old-fashioned hashing algorithm from the 1990s, which has been obsolete for years, because it’s quite easy to crack MD5 hashes.
The leaked data is old and comes from a database backup of the website, BleepingComputer writes. The thief managed to get hold of the data by using a website vulnerability scanner that gave him access to the server containing the data. To date, DatPiff has not notified users of the leak and has not urged users to change their passwords.