NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - General Discussion - MyFitnessPal - who has access to the dump?


7 Results - Page 1 of 1 -
1
Author Message
Avatar
hashbaby

Status: n/a
Joined: Thu, 24 Dec 2015
Posts: 237
Team: OneforALL
Reputation: 473 Reputation
Online
7 days ago

Hi Team

Doing some work for a friend and I have the email address but need to find the associated HASH of his password in the MyFitnessPal dump which I'm unable to find/download. I went over to WeleakInfo, paid for 1 day service and his email comes up but they don't list any passwords or even the HASH, just his email address, IP and Username. I then found another site called dehashed, now these guys are CROOKS. Before I paid I entered in the email address and it displayed quite a few hits and listed whihc DATA DUMP it belonged to but had to pay to reveal, so I did and guess what? NOTHING at all. I entered in a few other valid emails and they do come up but they are very sneaky, not totally a SCAM...

Anyhow, if anyone has access and can provide the HASH to the email I would be greatly appreciated or I'm also willing to pay and move this to PAID section, have BTC handy..


Avatar
dnimativ

Status: n/a
Joined: Wed, 27 Feb 2019
Posts: 88
Team:
Reputation: 40 Reputation
Offline
7 days ago

Dehashed is definitely complete bullshit. And leakcheck.net doesn't do hashes.

Weleakinfo is about as good as you're going to get, to be honest, short of hopping on Tor and being willing to pay thousands. Keep in mind that they're in good faith, but the most common leaked db they have is incomplete to begin with.

Also, try Raidforums, there's a couple of people there who claim to have the full db. You might be able to talk one of them into just selling you the specific info you're looking for instead of the whole thing (assuming they aren't lying, I didn't put anyone I contacted to the test).


Avatar
Clav17

Status: Cracker
Joined: Sun, 01 May 2016
Posts: 583
Team:
Reputation: 516 Reputation
Offline
5 days ago

You're breaking the rules .. since weleakinfo told only old accounts (50m/150m) have a crackable password in mfp il sure no one can help you


Avatar
Chick3nman
Moderator
Status: Trusted
Joined: Wed, 28 Jan 2015
Posts: 565
Team:
Reputation: 582 Reputation
Offline
5 days ago

Clav17 said:

since only old accounts (50m/150m) have a crackable password in mfp


This isn't true, you just need to be me to crack them :P


My PGP key is available for security and identity verification here: https://keybase.io/chick3nman

Hardware: 1x D-WAVE 2000Q

BTC: 1Chick3nMTco6sBEByKuvmAzYTBsGN5KzD

Avatar
Clav17

Status: Cracker
Joined: Sun, 01 May 2016
Posts: 583
Team:
Reputation: 516 Reputation
Offline
5 days ago

Chick3nman said:

Clav17 said:

since only old accounts (50m/150m) have a crackable password in mfp


This isn't true, you just need to be me to crack them :P

Weleak was wrong then..


Avatar
Chick3nman
Moderator
Status: Trusted
Joined: Wed, 28 Jan 2015
Posts: 565
Team:
Reputation: 582 Reputation
Offline
5 days ago

I have a PoC now as far as I know, should work fine for cracking them. They are just crazy slow and don't work on GPU yet.


My PGP key is available for security and identity verification here: https://keybase.io/chick3nman

Hardware: 1x D-WAVE 2000Q

BTC: 1Chick3nMTco6sBEByKuvmAzYTBsGN5KzD

Avatar
hashbaby

Status: n/a
Joined: Thu, 24 Dec 2015
Posts: 237
Team: OneforALL
Reputation: 473 Reputation
Online
5 days ago

So only 1/3 of the full 150M accounts had password that were crackable?

The other 100m accounts what ALGO are they using or hasn't that been found yet?

I've been working on hashes privately and what I have noticed is that ALL PASSWORDS found are lowercase, there is not even one that is upper, Why would they convert all users passwords back into lower before they hashed them into SHA1?, it good for us as it makes decrypting them that much easier as you only need to attack the lower,digits,special character..

Looks like I will have to stop working on them now since the email account I was after does not have a SHA1 hash as it listed as NULL...



7 Results - Page 1 of 1 -
1

We have a total of 179670 messages in 22296 topics.
We have a total of 20621 registered users.
Our newest registered member is thesprit35.