social network

A bot appeared in Telegram that aggregates all known database leaks. You can learn the “merged” passwords from the mail

Simply enter the email address, and the bot will send the passwords known from it.

Red painted passwords from the mail. 
Gray – email addresses

The Telegram messenger has a bot called MailSearchBot, with which you can check whether your email address was in one of the leaked databases.

All that needs to be done is to send the bot an e-mail address in private messages, and he will send back a list of “merged” passwords from her if they were in one of the databases. 8 out of 10 employees of the Committee publishing house found their old passwords in the bot’s databases.

In a conversation with , the creator of the bot, Batyrzhan Tyuteev, said that at the moment the bot’s database contains about 9 billion entries in the login and password bundle, and more than 3 billion are waiting for their turn to load. According to him, the bot is “assembled on the knee” and launched on a home computer.

I recommend changing the password in case the current one is found. I really hope that no one will suffer because of the work of my bot.

Batyrzhan Tyuteev creator of MailSearchBot

Tyuteev is the founder and technical director of NitroTeam, which conducts tests for penetration into computer systems, simulating an attacker’s attack.

According to him, some of the data for the bot was provided to him by the same information security (IS) specialists as he, but with the condition that he would not monetize this data. Tyuteev also clarified that he and his colleagues are trying to accumulate a large amount of data in their own databases: “We collect a very large amount of data, but sometimes we do not know what to do with all this”.

The idea to implement such a tool was long overdue, but we still could not get together and just start. But just over a month ago, my colleague Alexander Kim was the first to drop a link to one of the databases to the chat. And I began to “parse” it (analyze – approx. ) and load it into the database. Then another colleague threw off the next database, and so, one by one, we began to piece together our own database of leaked passwords.

Batyrzhan Tyuteev creator of MailSearchBot

Tyuteev noted that about 10 thousand unique users use a bot per hour. But he added that perhaps no one would ever have learned about the bot if his friend and information security specialist did not publish the bot in his Quotation Telegram . “It was after its publication that the other channels picked up information about this bot and began to force it,” said Tyuteev.

In addition to MailSearchBot, Tyuteev also developed another bot, which shows the subscriber’s Facebook page by phone number. With it, you can check your privacy settings or find out the owner of the phone number.

The developer explained that he created these services in order to draw attention to the problem of personal data. Tyuteev lives in Kazakhstan, and, according to him, despite the fact that the country has a law on personal data, it is not implemented properly.

The fact is that we have a lot of Internet services in Kazakhstan, through which you can do almost anything. And yes, it is cool, it is convenient. But companies that you trust their personal data and who are obliged to protect them in practice, treat them carelessly.

The problem of protecting our personal data fades into the background for the sake of convenience. Now it is much more important for everyone how quickly you launch this or that service, and it doesn’t matter how much it is protected.

Batyrzhan Tyuteev creator of MailSearchBot

Back to top button