The Naz.API Data Breach: What Happened in September 2023?

In September 2023, the cybersecurity community took notice as an enormous dataset dubbed 'Naz.API' surfaced on a hacking forum. This breach included over 100GB of sensitive data—mostly credential stuffing lists and stealer logs. What set Naz.API apart was its sheer scale and the specificity of the data, exposing around 71 million unique email addresses and a staggering 100 million unique passwords, compiled from various leaks. In total, the breach included more than 343 million records, with each record typically containing an email address, a password (often in plain text), and an associated URL. The lists offer direct combinations that threat actors can use to target a wide range of online platforms, making this incident notable among 2023’s breaches.

When Was the Naz.API Breach Discovered?

The Naz.API dataset was publicly posted to a hacking forum on September 20, 2023. In the days that followed, security researchers and data breach monitors identified and analyzed the scope of the leak, confirming its vast reach and significant potential for abuse.

What Information Was Exposed?

The Naz.API breach stands out primarily due to its exposure of email addresses, plain text passwords, and URLs. Many of these records were collated from various prior breaches or malware logs, bundled into one massive and easily searchable database. The presence of plain text credentials makes it particularly valuable to cybercriminals looking to carry out automated credential stuffing or account takeover attacks.

How Many Users Were Impacted?

The breach exposed approximately 71 million unique email addresses and around 100 million unique passwords. In all, the archive comprised over 343 million individual records, reflecting instances where the same user could be represented multiple times if they used their credentials across multiple sites. This aggregation presents a considerable risk, especially for anyone who reuses passwords across different services.

What Was the Source and Purpose?

Naz.API wasn’t sourced from a single website. Instead, it’s a credential compilation, aggregating data from stealer malware logs and previous leaks into a single, massive file. Such databases are often used on underground forums for credential stuffing—automated login attempts using known email and password pairs to gain unauthorized access to accounts elsewhere.

Understanding the Naz.API Timeline

Based on public reporting, the breach was first noticed on or around September 20, 2023, when the dataset became available for download. Security researchers promptly analyzed the release, verified the credentials, and began alerting the public and affected organizations. The data rapidly began circulating among threat actors, increasing the chance for credential abuse in the days and weeks that followed.

Frequently Asked Questions About the Naz.API Data Breach

What details were leaked in the Naz.API data breach?

The Naz.API breach exposed email addresses, plain text passwords, and associated website URLs collected from multiple credential leaks and stealer malware logs.

How many people did the Naz.API breach affect?

About 71 million unique email addresses and around 100 million unique passwords were discovered in the breach database, with a total of more than 343 million records included.

When did the Naz.API data leak occur?

The Naz.API dataset was leaked to a hacking forum on September 20, 2023, and became widely available shortly after that date.

What is a credential stuffing list and why does it matter in this breach?

A credential stuffing list is a collection of email addresses and passwords often used by attackers to try and gain access to other accounts by using the same login information. Naz.API was comprised primarily of these kinds of lists, increasing the risk of account compromise for those affected.

How can I check if I'm in the Naz.API breach?

You can check if your information was part of the Naz.API breach by utilizing the DeHashed search engine.