Return to forum

donjuji · August 30, 2022 at 9:12 AM

Hello BreachForums Community,
Today I have uploaded the HomeRefill Database for you to download, thanks for reading and enjoy!

In April 2020, the Brazilian shopping website HomeRefill suffered a data breach that impacted 194k users. The attack led to the exposure of data including Email addresses, Full names, Phone numbers, Dates of birth and Passwords stored as SHA512 hashes. The website was breached by @donjuji - "initial attack vector was misconfigured aws s3 bucket".

Compromised data: Email addresses, Full names, Phone numbers, Dates of birth, Passwords

ContentsSpoiler

The .7z File's MD5 Hash is 06E97AFD82289725CBE82485CC939E45. In total, there are 194079 records. The file is 94.43MB uncompressed and 30.98MB compressed.

Hidden Content

You must register or login to view this content.

Database Index <> How To Get Credits

pompompurin · August 31, 2022 at 7:34 AM

Samples: https://pastehub.net/c8bd94902b0

Fun fact: I also had access to this, anyone who wants to fuck around before they fix it here is their s3 AWS Keys:
AKIAIDJNMJDKTQI4F4XA
X4N980MZVFKIFplWZQCkPvu3yKHf6O0a8nlCsquQ

stackerofwheat · September 1, 2022 at 8:01 PM

awesome find! hashes aren't md5 though. are they encrypted somehow?

pompompurin · September 12, 2022 at 7:16 AM

(September 1, 2022, 08:01 PM)stackerofwheat Wrote: awesome find! hashes aren't md5 though. are they encrypted somehow?

Hmmm.. Sorry no clue.

stackerofwheat · September 13, 2022 at 9:35 PM

(September 12, 2022, 07:16 AM)pompompurin Wrote:
(September 1, 2022, 08:01 PM)stackerofwheat Wrote: awesome find! hashes aren't md5 though. are they encrypted somehow?

Hmmm.. Sorry no clue.

it's SHA512

God · October 30, 2022 at 9:27 PM

The hashes are base 64 encoded, decode them to hex and then wrap the salt in curly brackets. Algorithm is then sha512($pass.$salt)

Example:

2a8794eb19aee69dff655c22b8a05b41ca11cc0010490ff36538b33e9246c6e283e8d51978f6d42d4041e979d617dcad6b4059808fdb741782a8aa70a19e8a84:{kk2nqcvfyts8c00wcwk04g4osckowk}:frederico
53d2b24e73dba5566d8e0f0af5c94f44ccdde80f9788b22e6b7055ec7932e465525b715c9922a67a0220783318ba924288e4ce98b49ee0707c25ae69b810bca2:{ot2ky0nm8q8og0c0ws00oswok4040o}:tricolor
35843efdad084b08cf09688afdb5b0f44ac7c1151bcf34aa6180822c5187f8dee86713c2adc81f462d8495547f055860427599ddddc8ff32f51e874d80df58cd:{ga28ufnt6rwogg8owco004g8o848c8}:123123..
996e2427d3c60d0a008b6a5e2dc61fb1d5bf93030ad1d8a4865a8f1ac02d8dfca30d2dd87de4b02c72d602345f724beb03a61555862247622ab2bb499cb931f8:{5u29utr2q800kgc4sk8kso0kw4s8w0}:simpsons
94d538e67970de9962c3fefeef381495167325f473be819122a876b4b632e04ed31d86a899faa2283faee93849ac3490a8dba88a4cac9fc5c188279b02e717c7:{mc2lw64wark0ok0k8s4k08woc4s8wg}:259

thekilob · October 30, 2022 at 9:30 PM

(October 30, 2022, 09:27 PM)God Wrote: The hashes are base 64 encoded, decode them to hex and then wrap the salt in curly brackets. Algorithm is then sha512($pass.$salt)

Example:

2a8794eb19aee69dff655c22b8a05b41ca11cc0010490ff36538b33e9246c6e283e8d51978f6d42d4041e979d617dcad6b4059808fdb741782a8aa70a19e8a84:{kk2nqcvfyts8c00wcwk04g4osckowk}:frederico
53d2b24e73dba5566d8e0f0af5c94f44ccdde80f9788b22e6b7055ec7932e465525b715c9922a67a0220783318ba924288e4ce98b49ee0707c25ae69b810bca2:{ot2ky0nm8q8og0c0ws00oswok4040o}:tricolor
35843efdad084b08cf09688afdb5b0f44ac7c1151bcf34aa6180822c5187f8dee86713c2adc81f462d8495547f055860427599ddddc8ff32f51e874d80df58cd:{ga28ufnt6rwogg8owco004g8o848c8}:123123..
996e2427d3c60d0a008b6a5e2dc61fb1d5bf93030ad1d8a4865a8f1ac02d8dfca30d2dd87de4b02c72d602345f724beb03a61555862247622ab2bb499cb931f8:{5u29utr2q800kgc4sk8kso0kw4s8w0}:simpsons
94d538e67970de9962c3fefeef381495167325f473be819122a876b4b632e04ed31d86a899faa2283faee93849ac3490a8dba88a4cac9fc5c188279b02e717c7:{mc2lw64wark0ok0k8s4k08woc4s8wg}:259

Very interesting, thanks for sharing your knowledge with us.