A security researcher discovered a data dump of 4,000 email password credentials that appear to have been leaked from the porn website lubus.cc. The login credentials were viewed by SCMagazine.com on Monday and were discovered by Red Cell Infosec CEO Dominique Davis (no relation).
The data included 41 login credential associated with U.S. military email addresses (.mil extension) and a credential associated with a State Department email address (state.gov extension). Davis said the credentials were discovered by his firm's Banshee Framework.
The framework, which is currently in beta, also discovered login credentials associated with a .gop email address that was part of a data dump in March that included the email, username, birthday, and cleartext passwords of 27 million users on the Mate1 dating site. The discovery occurred days after Republican National Committee (RNC) Chairman Reince Priebus announced, “We haven't been hacked. And we don't expect to be.”
“That is why you never use your work email on another site,” Davis told SCMagazine.com. In discussing the security posture, he said, “The perimeter looks good, but that still doesn't prevent an intruder from using credentials that were breached on another site and attempting a password reuse attack.”
