HomeNewsBreachesAbout
Account
naz.api-2023

NAZ.api Breach

Sep 20, 2023

224,267,936 rows

Added on Jan 13, 2025

Search the Leak

Email
Phone Number

What happened in the NAZ.api Breach?

DataBreach.com Team · January 12th 2025, 7:00 pm EST

Naz.API was a massive credential dataset posted in September 2023 on a popular hacking forum by a user identified as “0x64.” The archive reportedly contained about 104GB of data across 319 files. Analysis by DataBreach.com found the exposed data included approximately 222 million passwords, 69 million email addresses, and roughly 406,000 phone numbers.

The Naz.API dataset does not appear to have originated from a single breach. Instead, it was assembled from a mixture of credential stuffing lists and stealer logs. Credential stuffing lists typically contain username-and-password combinations taken from prior breaches and reused in automated account takeover attempts. Stealer logs, by contrast, are generated by infostealer malware, which extracts credentials, browser cookies, autofill data, session tokens, and other sensitive information directly from compromised devices.

That mix made Naz.API especially useful to threat actors. In addition to large volumes of email addresses and plaintext passwords, the dataset also included other exposed identifiers, including phone numbers, and in some cases referenced associated services. Collections like this can be used to support account takeover, phishing, fraud, identity correlation, and follow-on intrusion activity.

The dataset gained additional notoriety through its apparent use by illicit.services, an open-source intelligence platform that allowed users to search exposed personal information. Although the service had been shut down in July 2023 amid misuse concerns, it briefly resurfaced in September 2023 around the same time Naz.API became publicly available.

Further analysis suggested that about 35% of the email addresses in Naz.API had not previously appeared in major breach-notification services, indicating that a substantial portion of the data may have been newly surfaced rather than entirely recycled from older public credential collections.

For media inquiries, contact us at contact@databreach.com