Sites like HaveIBeenPwned have been highlighting just how sloppy modern day companies are with security, your data is out there for the world to see. I decided i’d spend the day seeing what I could find.
I’m not a lawyer and therefore i’m just going to recommend you don’t download any of the data listed.
Whilst this is for educational purposes, i’m not going to bore you with a disclaimer, I don’t host / own / mirror / seed any of the content linked. It can all be found via a couple of google searches and scrolling.
Please email me if you need something removed for legal reasons: [email protected]
They claim to be:
“The biggest free-to-download collection of publicly available website databases for security researchers and journalists.”
There’s a wide array of database sharing Forums, most of which are open to the Public, the largest seemingly being RaidForums. The jist seems to be there’s two sub-sections from the Database section one with official presumably verified ones and the other for anyone to post in, a user posts in there and other users buy them with an on-forum currency named credits, they can then use these credits to buy other peoples databases and visaversa. It also seems that alot of these sites offer a pay to win strategy to where you can buy credits directly from the Forum owner.
There’s a fair few Forums out there which are incorrectly setup and despite normally needing credits to see their hidden links you can just goto /misc.php?action=syndication on them then generate a link for the specific sub-section and view everything for free.
One of the most prominent Database sites used to be Cthulhu’s, whilst it’s now down, the magnet links for it are still going strong.
Both of these are courtesy of a user on Twitter
You can find CthulhuSec on twitter here
If the links provided ever go down I have archives which I can link to.
Another place for alot of Low Level leaks that I came across was Siph0n.net.
A Magnet link to a 41GB file appeared on reddit a few months back consisting of almost all Public Databases including Antipublic and Exploit.in.
When looking around Forums I stumbled across a Russian one named antichat where a user by the name of Guron18 was linking to a cloud.mail.ru storage link full of Databases which didn’t seem to be circulated on other websites.
It has a main folder with about 150 Databases in, and then another folder named ‘HACK’ with another 44 or so in.
You can find the post here.