You must have read news about hackers dumping the data online, recent one was Ashely Madison. It's only the big companies' data, which gets noticed once it is out. There are many other small leaks which don't even get a mention. So this article is the first one of my series which will help you to find hacked accounts. Some of you must already know about this, but this post is intended for the new learners. This also serves as an example of my learning how a good service can be used in other ways it is not intended to.
NOTE: Please note that this article is for information purposes only and please do not put it to illegal use whatsoever. You can get tracked if you do not know what you are doing.
https://haveibeenpwned.com/ is a great service which allows users to check if they have an account that has been compromised in a data breach. The concept is just enter an email, hit search and it will tell if the account details were leaked online.
Breaches are the information form breached websites, which will mostly have full credentials available online, that is username and password.
Pastes are the information someone have pasted online on sites like Pastebin. Read more about it on https://haveibeenpwned.com/Pastes
Now there are two ways, if you are searching for a specific email address try the regular search on haveibeenpwned otherwise if you just want get your hands on any hacked accounts just open Latest Pastes page on haveibeenpwned. https://haveibeenpwned.com/Pastes/Latest
This page lists various pastes online which contain email addresses and passwords. Just click on the paste and voila you'll get loads of information.
Please note that not every paste will have username password combinations. And not all pastes that do have will work. Its a time consuming method of trial and error. But once you start doing it over and over you'll learn how to differentiate between legitimate hacked accounts and other accounts which do not work.
Part 2 of this post will be focused more on exploring pastes, what to look for while reading information, what accounts to check for in a paste, reading pastes which were removed from sites and more. That will only happen if I get a good response for this article. So do not forget to give Kudos for this one if you find it helpful. Thank You!
EDIT: Part 2 of this series is live at https://null-byte.wonderhowto.com/how-to/find-hacked-accounts-online-part-2-pastebin-0164613/
Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.