A report from Troy Hunt, the creator of the website Have I Been Pwned, alerted readers to a major data leak from Naz.API, a database containing data from over 70 million accounts and over a billion unique records. Hunt’s investigation has revealed “a significant volume of new data” and newly compromised accounts, and these accounts’ owners are at risk.

According to the report, a “well-known,” unnamed technology firm discovered the dataset in a hacking forum post published in September 2023, through a bug bounty submission, and contacted Hunt with these details. 

An investigation into these findings revealed that 34.97% (over one-third) of the email addresses in this dataset were new, and not available in Have I Been Pwned’s database. The report’s findings indicate that these credentials were compiled from infostealers exfiltrating  credentials from compromised endpoints and environments, and data stolen in several credential stuffing attacks and previous breaches. (In fact, Hunt also recognized his own information from an illegal website that allowed threat actors to search for people’s data.) 

The report also shared a screenshot of the stealer logs, which contained a URL to login, an email address to log in, and the password in his findings.

In total, Hunt identified 319 files, with a total file size of 104 GB. He was also able to verify that the credentials were real by contacting several people listed in these infostealer logs, and by using website password request forms or registration forms to confirm that the email address exists in their account bases.

Are You Rotating Your Credentials?

The size of this data leak poses a major risk to MSPs and end users alike, and truly emphasizes the risks associated with stale or reused credentials and standing privilege, such as persistent admin accounts. 

Are You Implementing Zero Standing Privilege?

That’s why security best practices require individuals and organizations to mitigate their risk by regularly rotating critical credentials, and limiting privileged access through solutions like Just-in-Time access.

CyberQP’s security experts recommend that concerned MSPs and end users take the following actions to mitigate their risk:

• Check if your data has been compromised with a service like Have I Been Pwned.
• Add another layer of protection to your key accounts, including complex passwords or passphrases and multi-factor authentication (2FA/MFA).
• For privileged accounts, utilize a password vault and implement additional protection, such as end user identity verification. 
• MSPs can implement a moving target defense for their privileged accounts by regularly rotating credentials to deter threat actors and prevent them from achieving a foothold in your environment or executing lateral movement attacks.  
• MSPs can also reduce their attack surface with Just-in-Time accounts that only grant privileged access for the amount of time a user needs it. Solutions like these also enable them to meet compliance and cyber insurance best practices by achieving zero standing privilege. 

CyberQP redefines Zero Trust Helpdesk Security with leading-edge Privileged Access Management (PAM) and End-User Access Management (EUAM) solutions. Our platform enables secure elevated access for both technicians and end users, along with robust self-serve and identity verification capabilities. Backed by SOC 2 Type 2 certification, we empower IT professionals to eliminate identity and privileged access security risks, enforce compliance, and enhance operational efficiency. Our mission is simple: “Empowering Access, Redefining Privilege” for help desks around the globe. To learn more visit: https://cyberqp.com/tours

When I heard this, I knew immediately how excited this one is going to make many of our partners. CyberQP has just launched its game-changing Zero Trust Helpdesk Security Platform, designed to tackle one of the biggest challenges in IT security: managing all the layers of privileged and end-user access without the headache. 

Let’s face it: cyber threats are getting smarter. Bad actors today are using sophisticated social engineering attacks like Vishing and impersonation to circumvent traditional cybersecurity tools. But with CyberQP’s platform, companies can lock down access, boost productivity, and rest easier knowing their systems are secure. 

At the heart of this new platform are two powerful tools: QGuard and QDesk. 

QGuard is your go-to solution for Privileged Access Management (PAM). It eliminates standing privileges, reduces the risk of credential-based attacks, and ensures technicians get only the access they need—when they need it. No more passwords to steal or stale admin accounts floating around.

QDesk takes End-User Access Management (EUAM) to the next level. It simplifies identity verification, manages password resets, and streamlines secure access for end users. Best part? It integrates seamlessly with your existing PSA tools like ConnectWise and Autotask.  

We get it—sometimes end users need admin access to get their jobs done. But granting full, unrestricted access? That’s a risk no one wants to take. That’s where End-User Elevation comes in. With this new feature, end users can request time-limited, process-based admin access that’s automatically revoked once they’re done. Technicians can approve just the applications or installations that require elevation, keeping security intact. 

• Auto Approval Rules Engine: Customize automatic approvals for trusted applications.
• Process-Based Elevation: Approve only what’s necessary without exposing the whole system.
• Audit Logs: Maintain complete visibility with detailed records of all elevation requests.
  

The CyberQP platform is built with Zero Trust principles at its core. That means no one is trusted by default—every request is verified, every action is logged, and access is always limited to the bare minimum required. 

This approach drastically reduces the attack surface, preventing ransomware attacks, credential theft, and other malicious activities. 

Ready to experience a more secure, efficient helpdesk? CyberQP’s Zero Trust Helpdesk Security Platform is available now. Say goodbye to standing privileges and hello to smarter, safer access management. 

Book a Demo and see how we’re redefining privilege management.

CyberQP redefines Zero Trust Helpdesk Security with leading-edge Privileged Access Management (PAM) and End-User Access Management (EUAM) solutions. Our platform enables secure elevated access for both technicians and end users, along with robust self-serve and identity verification capabilities. Backed by SOC 2 Type 2 certification, we empower IT professionals to eliminate identity and privileged access security risks, enforce compliance, and enhance operational efficiency. Our mission is simple: “Empowering Access, Redefining Privilege” for help desks around the globe. To learn more visit: https://cyberqp.com/tours