cybersecurity

5900 readers

50 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

Where to download breached dbs legally? (self.cybersecurity)

submitted 2 years ago by alex_02 to c/cybersecurity

3 comments fedilink hide all child comments

I found this tool on github:

https://github.com/hmaverickadams/breach-parse

and there is also h8mai, but just wondering if there are any other places I could go to download more dbs for offline research? I am willing to pay a small fee, but I want a site that isn't shady and is legitimate for research.

you are viewing a single comment's thread
view the rest of the comments

[–] CarrierLost@lemmy.one 5 points 2 years ago (1 children)

So “technically” I don’t think downloading breach data would be legal in the U.S. at all. It’s essentially possession of stolen property.

I’m not a lawyer, but trafficking in stolen account dumps just doesn’t seem like something “reputable” sites want to do, which is why you’re normally stuck with the shady stuff.

Caveat: I could be entirely wrong about this.

[–] alex_02 4 points 2 years ago* (last edited 2 years ago) (1 children)

There have been several sites in the past that allowed you to download confirmed breached dbs and not sites like raidforums.

There is a list of laws here: https://www.ncsl.org/technology-and-communication/security-breach-notification-laws

[–] CarrierLost@lemmy.one 2 points 2 years ago

Great info! Thank you. :)