What is it?
Unauthorized information disclosure via “paste” sites has been a common occurrence as a part of recent high-profile information security breaches. Attackers often use paste sites after the initial compromise to announce their conquests and share breached data.
How does it work?
Many paste sites allow anonymous submission of data, allowing attackers to leave sensitive information without repercussions.
Should I be worried?
When sensitive details are released, innocent bystanders often have their account credentials compromised.
How can I prevent it?
The best prevention is to limit password reuse in order to prevent attackers from using compromised credentials to login to other websites. Users can also set up “search alerts” to identify when search engines discover information like credit card prefixes. Upon discovery of this malicious behavior, the paste site can be notified to take down the disclosed information.