HIBP - check your email
35 views
Skip to first unread message
Kurt Buff
Nov 11, 2025, 8:50:53 AMNov 11
to ntsys...@googlegroups.com
This is a big one. Unfortunately, details are thin, and I had no luck finding which site had my credentials.
Kurt
Mike
Nov 11, 2025, 9:17:07 AMNov 11
to ntsys...@googlegroups.com
Same, had no luck determining which site(s) were in this.
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce6tnbCniZ%2B2KfoxUA1-4jBid_AL39ma%2BRdHBFnWWAk%2BSA%40mail.gmail.com.
Kurt Buff
Nov 11, 2025, 9:52:07 AMNov 11
to ntsys...@googlegroups.com
They have a password checking option on the site. I'm probably going to take the time to feed through the passwords I've accumulated in PasswordSafe and Keepass, and see if I get any hits.
Alternatively, I might instead just get the shaw1 hashes for them and see what shows up.
Kurt
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/CA%2BSdsNHO2fu1g%2BsAHdVK1Cog69yL8-RWUOMa7wpaTjcyKgmEkg%40mail.gmail.com.
Shawn K. Hall
Nov 13, 2025, 12:45:50 PMNov 13
to ntsys...@googlegroups.com
The "synthient" dump is not a single event but a trove of many collected by a company (Synthient) that trolls for them on hack forums over the course of years. I don't know what prompted them to share it with HIBP right now.
<https://synthient.com/blog/the-stealer-log-ecosystem>
<https://www.itnews.com.au/news/researcher-trawls-cybercrime-sites-collects-billions-of-stolen-credentials-621711>
While some of the accounts are from keylogger-infected devices, some are from infected servers, and many others (most?) are simply pastes with zero source information or attribution. HIBP usually treats these differently with a dedicated category for this type of thing:
https://haveibeenpwned.com/FAQs#Pastes
I suspect Troy treated it like a big event simply because of the volume (about 10% of the entire HIBP corpus now).
Like most other pastes, without attribution it's just "hey there might be *a* password exposed for this email *somewhere*". To determine which actual accounts were compromised you'd need to be using unique passwords and then check the PwnedPasswords dataset against each password:
https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader
-S
> <https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce6tnbCniZ%
> 2B2KfoxUA1-4jBid_AL39ma%2BRdHBFnWWAk%2BSA%40mail.gmail.com?utm
_medium=email&utm_source=footer> .
> 2BsAHdVK1Cog69yL8-RWUOMa7wpaTjcyKgmEkg%40mail.gmail.com
> <https://groups.google.com/d/msgid/ntsysadmin/CA%2BSdsNHO2fu1g
> %2BsAHdVK1Cog69yL8-RWUOMa7wpaTjcyKgmEkg%40mail.gmail.com?utm_m
edium=email&utm_source=footer> .
>
>
<https://synthient.com/blog/the-stealer-log-ecosystem>
<https://www.itnews.com.au/news/researcher-trawls-cybercrime-sites-collects-billions-of-stolen-credentials-621711>
While some of the accounts are from keylogger-infected devices, some are from infected servers, and many others (most?) are simply pastes with zero source information or attribution. HIBP usually treats these differently with a dedicated category for this type of thing:
https://haveibeenpwned.com/FAQs#Pastes
I suspect Troy treated it like a big event simply because of the volume (about 10% of the entire HIBP corpus now).
Like most other pastes, without attribution it's just "hey there might be *a* password exposed for this email *somewhere*". To determine which actual accounts were compromised you'd need to be using unique passwords and then check the PwnedPasswords dataset against each password:
https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader
-S
> 2B2KfoxUA1-4jBid_AL39ma%2BRdHBFnWWAk%2BSA%40mail.gmail.com?utm
_medium=email&utm_source=footer> .
>
>
> --
> You received this message because you are subscribed to the
> Google Groups "ntsysadmin" group.
> To unsubscribe from this group and stop receiving emails from
> it, send an email to ntsysadmin+...@googlegroups.com.
> To view this discussion visit
> https://groups.google.com/d/msgid/ntsysadmin/CA%2BSdsNHO2fu1g%
>
> --
> You received this message because you are subscribed to the
> Google Groups "ntsysadmin" group.
> To unsubscribe from this group and stop receiving emails from
> it, send an email to ntsysadmin+...@googlegroups.com.
> To view this discussion visit
> 2BsAHdVK1Cog69yL8-RWUOMa7wpaTjcyKgmEkg%40mail.gmail.com
> <https://groups.google.com/d/msgid/ntsysadmin/CA%2BSdsNHO2fu1g
> %2BsAHdVK1Cog69yL8-RWUOMa7wpaTjcyKgmEkg%40mail.gmail.com?utm_m
edium=email&utm_source=footer> .
>
>
Reply all
Reply to author
Forward
0 new messages