A new bot in the Telegram messenger lets users find out whether their passwords have appeared in any leaks.
The creator of the MailSearchBot bot is the founder of Nitro-Team, Batyrzhan Tyuteev. Within a month, Tyuteev and his colleagues collected leaked databases from the Internet for his service. Currently, MailSearchBot has a database of about 9 billion email addresses, and this figure will soon increase to 12 billion.
To check whether their passwords have leaked, the user must open and run @mailsearchbot and enter an email address, after which the bot shows which passwords for this mailbox have leaked. In some cases the service also provides leaked passwords for sites on which the user registered with this email address.
Such an approach creates a certain threat to users’ safety, and Tyuteev recognizes this. Attackers can enter a victim’s email address and retrieve their leaked credentials.
If the victim has a habit of using the same passwords for different services, it will be easy for cybercriminals to compromise their other accounts.
Even if the leaked data is no longer relevant, cybercriminals can determine the scheme by which the victim chooses passwords and crack them by matching.
“If the password to your email is found in the database, immediately change it to a more reliable one that has never been used before,” recommends Batyrzhan Tyuteev.
Tyuteev does not rule out that the bot may in the future gain a function that lets users send a request to delete passwords from the service's database.