NAZ.api Breach

​In September 2023, a substantial dataset known as "Naz.API" was posted on a popular hacking forum by a user identified as "0x64." This collection comprised approximately 104GB of data across 319 files, containing ~70,000,000 unique email addresses and over 200 million unique passwords. The dataset amalgamated information from credential stuffing lists and stealer logs—data extracted by information-stealing malware from compromised devices.
​

Credential stuffing involves using stolen username and password pairs from previous breaches to gain unauthorized access to user accounts on various platforms. Stealer logs, on the other hand, are generated by malware that captures data such as login credentials, browser cookies, and other sensitive information from infected systems. The Naz.API dataset included combinations of email addresses and plaintext passwords, along with associated services, making it a valuable resource for malicious actors.

The dataset gained further notoriety when it was utilized by the open-source intelligence platform illicit.services, which allowed users to search for compromised personal information. Although the platform was shut down in July 2023 due to concerns over misuse, it was briefly reactivated in September 2023, coinciding with the public release of the Naz.API dataset.

Upon analysis, it was found that approximately 35% of the email addresses in the Naz.API dataset were not previously recorded in breach notification services, indicating a significant portion of new data.