Great work by the HIBP team as usual but I am puzzled by something, maybe someone can shed light on it?
I'm managing a domain search dashboard for a company, and for one domain all the recent stealer log breaches contained addresses with the domain - but all the local/user parts were bogus - for example, fabuchoy@example.org where fabuchoy was never a user, the email never existed.
So nothing is in danger but where do these bogus addresses come from? Is someone just trying to log in somewhere with random addresses (with our domain) and then the (failed) login attempt gets sniffed by some malware and ends up in the breach dumps? Or are the cybercriminals just padding their dumps with made-up addresses?