ShellCodeX Breach Report
Naz.API Data Breach
Verified breach
Passwords exposed
Accounts exposed
70,840,771
Breach date
20 Sep 2023
Added to tracker
17 Jan 2024
Data classes
2
What happened
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.
Exposed data
Email addresses
Passwords
Recommended actions
- Change your Naz.API password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Naz.API โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP