A data leak differs from a data breach in that the former usually happens through omission or faulty practices rather than overt action, and may be so slight that it is never detected. While a data breach usually means that sensitive data has been harvested by someone who should not have accessed it, a data leak is a situation where such sensitive information might have been inadvertently exposed. pwndb is an onion service where leaked accounts are searchable using a simple form.
After a breach occurs the data obtained is often put on sale. Sometimes, people try to blackmail the affected company, asking for money in exchange of not posting the data online. The second option is selling the data to a competitor, a rival or even an enemy. This data is used in so many different ways by companies and countries… but when the people responsible for obtaining the data fail on selling it, the bundle becomes worthless and they end up being placed in some sites like pastebin or pwndb.
pwndb is a tool to search for leaked creadentials on pwndb using the command line.
| | |
_ ____ ___ __ __| | |__
| '_ \ \ /\ / / '_ \ / _` | '_ \
| |_) \ V V /| | | | (_| | |_) |
| .__/ \_/\_/ |_| |_|\__,_|_.__/
pwndb.py -u <username> -d <domain>