Video Activity

Leaks and Data Breaches

Video Transcript

Hi, everyone. And welcome back in the last video, we talked about finding emails and user names for euros and investigations, and now we're going to go over leaks in various data breaches and tell you where to find them. I have to put a little disclaimer here because this same for is only for educational purposes. The main reason is because all these publicly available content concerning leaks in data breaches was acquired by criminals. I cannot give you legal advice on this, since I'm not an attorney. But I can make a suggestion to be careful and to ask for advice. If you come across something potentially harmful for you and people around you in this lesson, you will learn where to finally and breach data information.

I have made a list of a few sites that offer this kind of information. First is haven't been pawned dot com, which is probably the golden standard nowadays to check if your email or user name has been a part of any known data bridge. Next is leak peak dot com, which is the new UK site, or at least that's what they say they are, and I like this one, because you can also search for une email or user name, and it will show you the first three characters off a password and from which database bridge is coming from.

Next is we leak info dot com, which is a very popular service that grants you to see past for details if you pay. Currently, this side is not active because the domain has been seized by the FBI. I put this on the list just for you to understand that seriousness off this kind of sites and data you're after. Next goes project dot f R, which is, according to the owners, Ah, 41 gigabyte dump that was found in the late 2017 in an underground community forum. You can search for emails or user names, and they will come with the clear text passwords if available. Also, there is a paid version to see the whole data. Almost all of these sites offer a paid feature to unlock, maybe passwords, user names, emails, give out advanced search filters and so on.

Personally speaking, I would not recommend paying for access to any of these data because of the privacy and security issues that could arrive at your table. Be aware of the legal repercussions because learning how to search for this data is totally different from using that found data to access someone's account or do any other malicious activity. And Leslie, I would suggest a different approach. Actually, we already talked about advanced Google searches in Google Dorking, but did not mention paste bin dot com, which is a website that allows users to share plain text public posts called pastes. The concept is not new pace being just grew. Actually, a lot of beaches are published here, so give it a try in this lesson. We went over leaks and data bridge sources, and in the next video, we'll go over and also approach towards I T systems.

Course link:
OSINT Certification Course & Training

Our OSINT certification course and training for open source intelligence (OSINT), the process of collecting and analyzing publicly available information that can be exploited by adversaries. Learn techniques for gathering intelligence from public data sources and how to leverage this knowledge to defend your organization from those who wish to do harm.

Instructed by
Tino Sokic

I am a Systems Enginner and Security Professional