The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by the popular info-stealer.
The RedLine malware allows operators to steal a wide range of information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, and credentials stored in VPN clients and FTP clients. The malicious code can also act as a first-stage malware.
Stolen data are stored in an archive (logs) before being uploaded to a server under the control of the attackers.
A few days ago, the data breach hunter Bob Diachenko discovered an unsecured server exposing over 6 million RedLine logs containing data harvested between August and September 2021. The server is still accessible, but the researchers pointed out that threat actors abandoned it because the number of logs is not increasing.
The insecure server contained numerous LastPass credentials stolen using the RedLine malware.
Diachenko decided to provide the data exposed on the server to Troy Hunt, who operates the popular data breach notification service Have I Been Pwned.
“In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included usernames, email addresses and plain text passwords,” reads the announcement published on the HIBP website, announcing the availability of 441,657 unique email addresses stolen by the RedLine malware.
If your email address is listed in the RedLine malware logs, you have to change the passwords associated with that email account and for any other account that shares the same credentials. Users also have to change passwords for any account accessed through the infected machine, and scan the machine to remove installed malware.