On the 13th of September

A message about an array of personal data that that is available on the Internet appears on the site securityaffairs.co
The volume of the array is 42M records. Contains 755 files totalling 1.8GB.

Operator at kayo.moe found a 42M Record  Credential Stuffing Data containing email addresses, plain text passwords, and partial credit card info.

A huge archive containing email addresses, plain text passwords, and partial credit card data has been found on a free anonymous hosting service, Kayo.moe.

The operator of the service shared the file with the popular expert Troy Hunt who operates the Have I Been Pwned (Have I Been Pwned HIBP) data breach notification service asking him to check the source of the huge trove of data.

The data is not related to a data breach of kayo.moe, the platform was not impacted by any incident.

According to Hunt, the data in the archive were collected for credential stuffing attacks, typically hackers obtain data from multiple breaches then combine them into a single unified list.

The attackers were likely planning to run them automatically against multiple online services and compromise user accounts.