51 million file sharing accounts for sale on the dark web
The iMesh breach from 2013 contains the usual bad passwords made familiar from many similar breaches over the years, such as “123456,” “password,” and “qwerty,” as well as site-specific passwords of “bearshare” and “music.” These common passwords imply that many of the user accounts associated with the service were throwaway accounts, where the users did not consider their accounts to be all that valuable.
Most people have about three to five passwords they reflexively choose from for online services: one or two “personal” passwords for email and social media, an “important” password used for banking and finances, a “work” password for job or school, and a “throwaway” password such as the ones seen in the iMesh breach.
So, when compared to the LinkedIn corpus of credentials released in May, the iMesh corpus of passwords is not only smaller — 15 million versus the LinkedIn set of over 167 million — but of lower value to both attackers and researchers.
The one feature of the iMesh credential set that may be interesting to researchers is the inclusion of user IP addresses, along with usernames and passwords. IP addresses can be used to geolocate users, so a line of research to find out where in the world usernames and throwaway passwords are more popular might be academically interesting.
However, trading in large sets of compromised credentials is legally touchy in most jurisdictions, even when those data sets are publicly available, so researchers should be cautious and seek legal advice before acquiring the data dumps for academic purposes.
Spammers are the most likely consumers of this data, since email addresses linked to IP addresses can give spammers a more accurate, geolocated dimension to their mailing lists. Email addresses and physical locations, after all, are difficult to change, so are more useful for spamming and phishing campaigns than the passwords might imply.”