WeLeakInfo.com is shutdown and 21 arrests made in UK nationwide cyber crackdown

WeLeakInfo.com is shutdown and 21 arrests made in UK nationwide cyber crackdown

The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a multinational effort by law enforcement. Authorities have arrested two 22-year-old men alleged to have operated the site. Based in Fintona, Northern Ireland, and Arnhem in the Netherlands, they are believed to have made over £200,000 (about $260,000) between them from the site. 21 people have been…

View On WordPress

Database Lookup sites (LIST)

The popularity of database search engines have grown from the early beginnings of leaksource,It servers a useful research function as well as for the general consumer to see what kind of information about them is out there.

Here are some sites worth checking out

https://nuclearleaks.com/search https://vigilante.pw/ http://weleakinfo.com http://rslookup.com https://dehashed.com https://snusbase.com/ https://databases.today/

https://leakedsource.ru

https://leaked.site

21 arrested after allegedly using stolen logins to commit fraud

21 arrested after allegedly using stolen logins to commit fraud

UK police also give some food for thought to those on the verge of breaking the law The long arm of the law has caught up with 21 people who are believed to have bought purloined login credentials on the now-defunct WeLeakInfo.com website and used them to break into other people’s online accounts and commit various cybercrimes. Some of those arrested are also suspected of having used the…

View On WordPress

4 Tools To Collect Secret Information From Any Website Like A PRO Hacker

Hey TechHackSaver Hackers! In this article, I am going to tell you about some really cool methods that a Hacker Use to collect the information from any website. Or to do pentesting sites.

So, There are a lot of hidden things a website can have in them but normal people can’t really see through it, But as from a hacker’s perspective you should be efficient with Gathering Information from any website

Intermediate Hacker’s Uses the script to quickly perform these Task but, Here I am going to tell you about some cool website which does the same work as that of those scripts. So Even without any coding background or any prior knowledge about Kali Linux You can easily Do this.

What Is Information Gathering?

information gathering in cyber security is one of the most and fundamental part of pentesting and Hacking. Infоrmаtіоn Gathering іѕ thе асt оf gаthеrіng dіffеrеnt kіndѕ оf іnfоrmаtіоn аgаіnѕt the tаrgеtеd victim оr ѕуѕtеm. It іѕ thе fіrѕt ѕtер оr thе bеgіnnіng ѕtаgе of Ethісаl Hасkіng, whеrе thе реnеtrаtіоn testers or hасkеrѕ (both black hаt оr whіtе hаt) реrfоrmеd thіѕ ѕtаgе; thіѕ іѕ a necessary and crucial step tо be performed. Thе more thе іnfоrmаtіоn gathered about thе tаrgеt, thе mоrе thе probability tо оbtаіn relevant rеѕultѕ. Infоrmаtіоn gathering іѕ nоt juѕt a рhаѕе оf security tеѕtіng; іt is аn аrt that every реnеtrаtіоn-tеѕtеr (реn-tеѕtеr) аnd hacker ѕhоuld mаѕtеr fоr a better experience іn penetration testing. Thеrе are vаrіоuѕ tооlѕ, tесhnіԛuеѕ, аnd wеbѕіtеѕ, іnсludіng рublіс ѕоurсеѕ ѕuсh аѕ Doamin and Subdomain information thаt саn help hасkеrѕ tо gather іnfоrmаtіоn. This step іѕ nесеѕѕаrу because whіlе реrfоrmіng аttасkѕ оn аnу target, Yоu may nееd аnу information to use them in further stages.

Information Gathering for Hacking

What Is FootPrinting ?

Also Read : Your Browser Leaving a Footprinting? Check Here Now!

Footprinting іѕ thе technique tо collect аѕ much information as роѕѕіblе аbоut thе tаrgеtеd nеtwоrk/vісtіm/ѕуѕtеm. It hеlрѕ hасkеrѕ in vаrіоuѕ wауѕ to іntrudе on аn оrgаnіzаtіоn’ѕ system. Thіѕ tесhnіԛuе also dеtеrmіnеѕ thе ѕесurіtу postures оf thе target. Fооtрrіntіng саn be active аѕ well as passive. Pаѕѕіvе fооtрrіntіng/рѕеudоnуmоuѕ fооtрrіntіng іnvоlvеѕ thе соllесtіоn оf dаtа without thе оwnеr knowing thаt hасkеrѕ gather hіѕ/hеr data. In contrast, асtіvе footprints аrе сrеаtеd when реrѕоnаl dаtа gеtѕ released consciously аnd intentionally or bу dіrесt соntасt оf thе оwnеr.

Before Testing On website you Must have a permission to do so! Otherwise It’s a crime!

How to Get vulnerable websites for testing?

To get vulnerable sites for testing you can simply go to BugCrowd.com They have a bug bounty program so just go to it and select the program and you will get vulnerable sites for testing. best thing is that if you crack or find the bug, You will get PAID for it. But before doing so, You must read the reports and information very carefully to get vulnerable websites for testing. alternatively, you can practice your skills on OWASP and other platforms too. There are a lot of them

Tool And Their Alternative Websites:

1] Hаrvеѕtеr

Harvester іѕ аlѕо an іnfоrmаtіоn-gаthеrіng tооl whеrе іt hеlрѕ you tо extract thе еmаіl address аnd subdomains оf a particular tаrgеt. Hаrvеѕtеr is соdеd uѕіng a ѕіmрlе руthоn script whісh ѕеаrсhеѕ іnfоrmаtіоn frоm gіаnt search engines lіkе Gооglе, Yаhоо, Bіng, аnd muсh more.

Alternative: https://hunter.io

You can Simply Do the Same with the website: https://hunter.io/ This will also help you to get the Email address and other info just like Harvester and MUCH MUCH EASILY! JUST WITH A BUTTON CLICK!! However since harvester is a script, it has additional features too. But Hunter.io does the necessary work for us.

2] Crt.sh : Website Certification and Sub-Domain Gathering

Crt.sh is a website that will provide you the certification details of a website and the subdomain it has. You can implement and check for subdomains if it has any vulnerability or not? Link: Crt.sh All you have to do is type a domain name and Hit Enter! That’s it!

3] snusbase.com : Database Breaches and Latest Leaks

Previously we were interested in a website known as: https://weleakinfo.com/ But the domain has been seized by Government so Snubase is an alternative website to that.

4] BuildWith

Find What Technology a website is using and What plugins framework and every detail about the website has

5] Wappalyzer

Similar to that of BuildWith this plugin provides you a realtime information about the website and plugin which is currently used by the website. Downloads: Download Here

CHROME:

MOZILLA: Download Here

To find the Vulnerabilities Simply google the syntax:

CVE {Language/framework/library} {Version}

Ex: CVE PHP 2.5.3

That’s all for this time guys, Follow us on All social platforms and support Us.

from WordPress https://ift.tt/2KJGV36 via IFTTT

Feds seize WeLeakInfo.com for selling stolen databases | TheHackerNews.Co #databreaches #europe #fbi #hacking #leaks #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #thehackernews

Siber Suçlular Karanlık İşler İçin Arama Motoru Açmış

ABD Federal Polisi FBI, kişisel verileri satmak için kullanılan bir web sitesine el koyarak kapattı. Siber güvenlik kuruluşu ESET’in edindiği bilgiye göre, sözkonusu web sitesi, yasadışı olarak elde edilen kişisel bilgilere erişmek isteyen suçlular için bir arama motoru işlevi görüyordu. Sitede 12 milyardan fazla verinin bulunduğu paylaşılırken, konuyla ilgili 2 kişinin tutuklandığı duyuruldu. Söz konusu operasyon, FBI’in yanı sıra İngiltere, Kuzey İrlanda, Hollanda ve Almanya'daki kolluk kuvvetlerinin işbirliğiyle gerçekleştirildi. Web sitesini yönettiğinden şüphelenilen iki kişinin Hollanda ve Kuzey İrlanda'da tutuklandığı açıklandı. Siber güvenlik kuruluşu ESET’in edindiği bilgiye göre, çeşitli yollarla çalınan kişisel verileri satmak için kullanılan WeLeakInfo.com alan adına el kondu. Şüpheli web sitesi, isteyen herkesin başkalarının kişisel bilgilerine ulaşmasına ve erişmesine izin veren bir ödeme planı sunuyordu. 10 bin veri ihlalinden elde edilen 12 milyar kayıt Polis yetkilileri, "WeLeakInfo.com, 12 milyardan fazla dizinli kayıt içeren 10 binden fazla veri ihlalinde yasadışı olarak elde edilen kişisel bilgileri gözden geçirmek ve elde etmek isteyen kullanıcılarına bir tür arama motoru sağlıyordu” bilgisini paylaştı. Neler vardı? Kayıtlar; kişi adlarını, e-posta adreslerini, kullanıcı adlarını, telefon numaralarını ve çevrimiçi hesapların şifrelerini içeriyordu. Abonelikler, 24 saat geçerli erişim için 2 dolardan başlıyordu. Daha uzun abonelik süreleri de mevcuttu. Daha önce de böyle bir site durdurulmuştu Farklı bir olayda ise üç milyar çalıntı veya sızdırılmış çevrimiçi kimlik bilgisi bulunan LeakedSource.com iki yıl önce basılmıştı. Mayıs 2019'da, sitenin yöneticisi çalıntı bilgi kaçakçılığı suçunu kabul etti. Ne yapılmalı? Oturum açma kimlik bilgilerinizin bir veri ihlalinde tehlikeye girmiş olup olmadığını kontrol etmenizi sağlayan meşru hizmetler var. haveibeenpwned.com web sitesi, bu konuda yardımcı olabilecek önde gelen örneklerden biri. Önemli bir başka nokta ise bilgisayar, telefon ve tabletler için bireysel kullanıma yönelik güncel ve proaktif bir güvenlik yazılımının mutlaka kullanılmasıdır. Siber güvenlik yazılımları, kullanıcıları pek çok dertten ve sızıntıdan uzak tutar. Read the full article

WeLeakInfo is No More!

WeLeakInfo was selling billions of stolen personal records. Thankfully, law enforcement had gotten to those pigs and shut their site down, thanks to the help of international counterparts. On Thursday, US, Dutch, UK, and German law enforcement released a unitary statement that they had seized weleakinfo.com. Authorities had arrested two 22-year old males that lived in Ireland and the Netherlands, respectively. Remaining suspects are still in pursuit, according to the FBI. According to US DOJ, the records sold by WeLeakInfo contained individual's Names, email addresses, usernames, phone numbers and passwords for online accounts. WeLeakInfo had advertised themselves as authentic, selling there services in intervals of day(s), week(s), and month(s). Many users were not happy by the service provided by WeLeakInfo. There were a number of customers that took to social media to request refunds. The site had been blocked in accordance with FBI action. The message had read: “With execution of the warrant, the seized domain name – weleakinfo.com – is now in the custody of the federal government. Visitors to the site will now find a seizure banner Work Cited >Seals, Tara, "Feds Cut Off Access to Billions of Breached Records with Site Takedown",https://threatpost.com/feds-cut-off-access-billions-breached-records/152001/">https://threatpost.com/feds-cut-off-access-billions-breached-records/152001 January 17, 2020.

Feds seize WeLeakInfo.com for selling stolen databases | MrHacker.Co #databreaches #europe #fbi #hacking #leaks #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #mrhacker

Betreiber verhaftet, Domain und Server beschlagnahmt: Die Webseite Weleakinfo.com hat im großen Stil mit Zugangsdaten gehandelt, die aus mehr 10.000 Datenlecks gestammt haben

WeLeakInfo.com Taken Down In Joint Operation: http://dlvr.it/RNHYVW https://redsecurity.info http://dlvr.it/RNHYVW

NPR News: FBI Seizes Website Suspected Of Selling Access To Billions Of Pieces Of Stolen Data

FBI Seizes Website Suspected Of Selling Access To Billions Of Pieces Of Stolen Data The site weleakinfo.com is now down. The Justice Department says that for a fee, users could access stolen personal data names, phone numbers, e-mail addresses. Two people were arrested in Europe. Read more on NPR

The Era of database search engines

Over the passed year or so a new type of service has made itself common place, “database lookups” or large scale search engines with hacked websites stolen databases that are searchable in an instant are now commonly accessible the public.

their have been alot of legal questions about the nature of these websites their use,ownership and commercial sales but at this point in time it is worth noting no criminal element has been demonstrated to be found within the design of owning running or using one of these websites.It would appear that it is a likely side effect of being a owner or user that some amount of them would happen to stumble into related or unrelated legal issues but at its core publicly leaked or even privately distributed databases making them accessible to the public as a third party is in short;legal.

despite the potential harm their is considerable benefit to the existence of such sites allowing the public to truly witness the scale and damages capable of what is often summed up in brief essays on small news websites and to learn about their own security weakness allows them to understand more clearly and practice harm reduction.

Personally the public having access to the same things criminals and law enforcement already have is at worst chaotic neutral.And for the privacy and security concerned it is a great opportunity to see what is out there and what is known about yourself,your friends family and you can work to change passwords delete accounts and be more prepared if your are inclined to take steps and counter measures.

their are billions of hacked results from databases with the first major one of these sites being leakedbase which was shut down for some time and has resurfaced after a few months at one point touting in the billions of hacked credentials.

we have tested a few of these websites ourselves and it can be truly amazing to see just how much information is really out there and is a invaluable tool to researchers and academics with tools like APIS and access to old as well as very recent and obscure hacks.

“Search page of “weleakinfo.com”

A few of the websites we experimented with that you can checkout if you like are 

WELEAKINFO our personal favorite its fast reliable inexpensive and has tons of results and the staff seem very nice and strongly believe in what they do.

https://weleakinfo.com/

LEAKBASE (CURRENTLY REDIRECTS TO https://haveibeenpwned.com/)

RSLOOKUP a smaller nice search mainly focusing on the game runescape along with some semi related game website databases

https://rslookup.com/terms

Leakedsource is currently backup at the https://leakedsource.ru domain

FBI seizes WeLeakInfo.com website for allegedly selling sensitive data breach info

The FBI, in cooperation with law enforcement from the UK, Netherlands, Germany and Ireland, seized the WeLeakInfo.com web site for allegedly selling personal information from data breaches.

Crafted as a typical search engine, WeLeakInfo.com let users sniff through more than 12 billion records indexed from around 10,000 data breaches. Names, email addresses, usernames, phone numbers, and even clear-text passwords for online accounts are among personal information sold by the website’s operators.

The website, which calls itself the “World’s Fastest and Largest Data Breach Search Engine,” allowed any visitor to purchase 24-hour, 1-week, 30-day or 3-month website access at prices from $2 to $70, and included unlimited searches and 24/7 support.

 “With execution of the warrant, the seized domain name – weleakinfo.com – is now in the custody of the federal government, effectively suspending the website’s operation,” the US Department of Justice said in a press release yesterday.  “Visitors to the site will now find a seizure banner that notifies them that the domain name has been seized by federal authorities.”

As of yesterday, Dutch police arrested a 22-year-old suspect from Arnhem and said the investigation is going forward, but offered no further details.

The statement also encourages the public to help identify the owners of the website “by filing a complaint (referencing #weleakinfo in the “Description of Incident” field) with the FBI’s Internet Crime Complaint Center (IC3)”. 

Since data stolen in breaches is out of the control of individual users, any data exposed online can trigger impersonation, identity theft, fraud, phishing, or worse. It’s always recommended to stay up-to-date with the latest data breaches by monitoring your digital footprint, accounts and financial data for suspicious behavior.

from HOTforSecurity https://ift.tt/38kseNl

CÓMO ENCONTRAR DIRECCIONES EMAIL HACKEADAS

El robo de datos se ha vuelto muy común recientemente. Muchos de los sitios web más populares son propensos a esta clase de ataques y los vectores de ataque crecen en la medida en que los hackers recurren al uso de herramientas de código abierto. Por ejemplo, existe una herramienta llamada h8mail usada para verificar direcciones de correos atacadas.

Acorde a expertos en seguridad en redes del Instituto Internacional de Seguridad Cibernética, h8mail es una herramienta útil en la fase inicial de pruebas de penetración en un sistema.

H8mail es una herramienta de código abierto usada para buscar correos electrónicos y contraseñas. Esta herramienta encuentra direcciones email atacadas a través de diferentes sitios. Utiliza correos electrónicos que han sido víctimas de violación de datos. Para esta demostración, se ha ejecutado esta herramienta en Kali Linux 2018.4.

Antes de instalar la herramienta, debe instalar nodejs y actualizar python en Kali Linux. Esta herramienta solamente funciona con python3.

Para instalar python escriba sudo apt-get update

Luego escriba sudo apt-get install python3

Para comprobar la versión de python, escriba python –version

Luego escriba sudo apt-get install nodejs

Después de instalar todos los requisitos previos clone h8mail

Para la clonación, escriba git clone https://github.com/khast3x/h8mail.git

Escriba cd h8mail

Escriba pip install -r requirements.txt

Mientras instala pip si muestra el error anterior, significa que debe actualizar pip en sus distribuciones de Linux

Para esto, escriba sudo apt-get update python3-pip

Después de actualizar pip, escriba pip install -r requirements.txt

Luego escriba python3 h8mail.py –help

Las consultas anteriores se utilizan para recopilar contraseñas y contraseñas de correo electrónico con robo de datos

H8mail usa distintas API para buscar direcciones email

HaveIBeenPwned (https://haveibeenpwned.com/): este sitio web verifica si la dirección del correo electrónico ha sido comprometida o no. Este sitio web recopila una gran cantidad de volcados de bases de datos que contienen información sobre todos los miles de millones de cuentas filtradas

Shodan (https://www.shodan.io/): Shodan es un motor de búsqueda que hace ping a todas las direcciones IP disponibles que están utilizando Internet actualmente

Hunter.io (https://hunter.io/): Hunter es una fuente de h8mail. Hunter se utiliza para encontrar y verificar la dirección de correo electrónico profesional. Para utilizar estos servicios, debe pagar parte de la cuota de hunter.io

Weleakinfo (https://weleakinfo.com/api/public): Weleakinfo es otro motor de búsqueda de bases de datos atacadas

Snusbase (https://snusbase.com/): Snusbase es un motor de búsqueda de base de datos que recopila datos de sitios que han sido hackeados y proporcionar esos datos a sus usuarios. Para utilizar estos servicios, debe pagar una cuota de snusbase

Encontrar direcciones email hackeadas

Escriba python3 h8mail.py -t [email protected]

-t se utiliza para introducir la dirección de correo electrónico de destino

La consulta anterior muestra que el correo electrónico analizado no se encuentra en ninguna de las bases de datos mencionadas anteriormente

Muestra que HIBP (HaveIBeenPwned) no pudo encontrar la dirección de correo electrónico en ninguna base de datos. Ni su contraseña está disponible en la base de datos HIBP

Identificar masivamente cuentas de correo electrónico para testing

Para obtener direcciones de correo masivo puede usar TheHarvester, una herramienta popular para encontrar direcciones de correo o detalles de los empleados de una compañía

La anterior es la lista de las direcciones email que se pueden usar en el escaneo si las direcciones de correo electrónico anteriores han sido atacadas o no

Guardar la lista anterior. Escriba nano emaillist.txt

Luego copie y pegue las direcciones de correo electrónico completas. Luego guarde la lista

Escriba python3 h8mail.py -t /home/iicybersecurity/Downloads/testsites.txt -bc/Downloads/breachcompilation/-k“snusbase_url:http://snusbase.com ,snusbase_token: 5sxxxxxxxxxxxxxxxxxxxBuXQ”

-t se utiliza para introducir los objetivos

-bc se utiliza para dar ruta a los objetivos hackeados

-k se usa para ingresar la clave de la API snusbase

La consulta anterior muestra que las direcciones de correo electrónico anteriores no han estado en la base de datos de HIBP

Si ve un error de snusbase, significa que tiene que comprar sus servicios para buscar en su base de datos

Usar consulta simple

Escriba python3 h8mail.py -t targets.txt -c config.ini -o pwned_targets.csv

-t se utiliza para seleccionar el archivo de destino. Tienes que crear el archivo target.txt

-c se utiliza para seleccionar el archivo de configuración donde se han introducido las API

-o se usa donde los datos se guardarán en formato .csv

Si las direcciones de correo electrónico han sido hackeadas

Esta información puede ser utilizada en otras actividades de hacking

Feds seize WeLeakInfo.com for selling stolen databases #databreaches #europe #fbi #hacking #leaks #privacy #security #hacking #hacker #cybersecurity #hack #ethicalhacking #hacknews

Feds Seize WeLeakInfo.com For Selling Access To Stolen Data

http://i.securitythinkingcap.com/RNQWZd