> Edit: Fount it. It’s a Seagate NAS operating system. As in Network Attached Storage. NAS.api is their API. So I think someone(s) was using Seagate NAS equipment and the API was insecure. Appears that Seagate is to blame for making an API that has some vulnerabilities
I got the email from HIBP but I've only ever owned one Seagate SATA HDD, never any of their NAS products, nothing cloud connected from them at all. This must be more than just Seagate.
I've definitely never had a Seagate NAS before, but my email was in the breach.
Quite annoying, because it's my personal gmail which I rarely ever use to sign up for anything. Given that I maybe only have 15-20 accounts tied to that email, I wonder if I should just cycle through each password through HaveIBeenPwned's service.
> That last number was the real kicker; when a third of the email addresses have never been seen before, that's statistically significant. This isn't just the usual collection of repurposed lists wrapped up with a brand-new bow on it and passed off as the next big thing; it's a significant volume of new data. When you look at the above forum post the data accompanied, the reason why becomes clear: it's from "stealer logs" or in other words, malware that has grabbed credentials from compromised machines. Apparently, this was sourced from the now defunct illicit.services website which (in)famously provided search results for other people's data along these lines
https://www.cvedetails.com/vulnerability-list/vendor_id-1196...