Hacker News new | ask | show | jobs
by templeosenjoyer 886 days ago
The leaked dataset Troy refers to wasn't the real Naz.API list, and the "illicit.services" website Troy says is defunct is actually online at https://search.0t.rocks/. You can use this to see if you're in the real Naz.API dataset (which is way scarier than the data shared on breachforums). Those who are particularly interested can abuse the wildcards for search to scrape passwords associated with some email/username and create their own Naz.API "mirror" (as far as I know, there are only a handful of people with access to this dataset), though the rate-limiting may prove to be an irritating obstacle. The site owner may find issue with this too, as it certainly wasn't intentional, but when I tried it a few months back it worked perfectly.
2 comments
miyakoyako 886 days ago
0t creator here. Please do not scrape it! If you have a specific request for data (i.e. data from your business), look around for the riseup email on the announcements channel and contact from a DKIM validated company email address.
link
jve 885 days ago
Is this for Naz.API data or all leaks?

Because I see entries for twitter/bittorent/Collection1 which HIBP already informed me years ago. So either Naz.API is aggregate of leaks with new or not new info or 0t provides data from various leaks.

link
miyakoyako 885 days ago
All leaks. 0t is a collection of many leaks not just naz.api
link
fr3nzy4x 885 days ago
im pretty sure that Naz.api is just a collection of new and old breaches and stealer logs because my data that was in Naz.api is the same as the data that was leaked in the polish credentials data breach (im not even polish idk why im in this)
link
charcircuit 886 days ago
Searching it is timing out for me, but if this works it would be much more effective to know what actually leaked.
link
templeosenjoyer 886 days ago
Ha, it was working fine moments before I posted the comment, times out for me now too. Try revisiting later on, it definitely works great. From what I remember it was essentially created as a "fuck you" to Peter Kleissner, the creator of https://intelx.io/, who charges exorbitant prices to search breaches.
link