What Is Pastebin and Why The Good and Bad Guys Love It

Reading Time: 5 minutes
  • An alternative to sharing text files via Google Docs, Social Media or Boards
  • Sharing or Uploading Source Code for review and collaboration
  • Advertising dark web links
  • Sharing data that can be automatically deleted after a set time
  • Publicizing breached data
  • Sharing Personal Identifiable Information
  • Twitter users wanting to share more than 280 characters
  • Re-posting text that has been pulled down from other sites

Above are just a few of the reasons that Pastebin has become so popular since its inception in 2002. Keep reading to find out more about Pastebin and other paste sites.

Right – What Is Pastebin?

Pastebin is a site that gives users the ability to create and share plain text documents through public posts called ‘pastes’. With this simple yet effective delivery method – Pastebin receives over 17 million unique monthly users.

Okay But Why Pastebin

After IRC ( Internet Relay Chat ) was created somewhere in 1988 and the popularity of the platform allowed large groups of users to communicate in real time ( I know, it was cool stuff for us Boomers ) – the ability to share large amounts of files became very popular as well.

These files, most of the time including huge swaths of source code, needed a way to easily be sent from one to the other or shared publicly. Thus – the paste site was born and people sure do love it.

It may be out of simplicity, it may be out of good solid performance or a multitude of other reasons – but – Pastebin has taken hold of the past site market, boasting more than 17 million unique visitors – every month.

What Is Usually Shared On Pastebin and Other Paste Sites?

By in large – the legitimate uses of paste sites revolve around sharing and reviewing code.

Pastebin has a keyword search utility that allows the user to find relevant queries based on specific keywords as well as topic.

That being said – it has also increased in popularity as a way of distributing and sharing leaked or stolen data.

While the Pastbin FAQ clearly prohibits the following:

  • Email addresses and password lists
  • Login details
  • Stolen source code
  • Hacked data
  • Copyrighted information
  • Banking, credit card, or financial information
  • Personal information
  • Pornographic information
  • Spam links, including site promotion

How Do The Bad Guys Use It?

Paste sites have a certain stigma about them – sometimes for real reasons and other times the same as ‘all pawn shops’ have a certain stigma, regardless.

Pastebin was sold in 2009 to it’s current owner, Jeroen Vader, after the site had been shut down due to a Hotmail data breach.

Being able to share large text files without a user registration while allowing anonymity through a VPN – Pastebin fits in perfectly with what many adversaries look for in a paste site.

There is also a requirement for users to report any type of abuse – which means that adversaries are not always flagged or removed providing black hat hackers a way to easily and without identification share their stolen data.

Pastebin and similar sites are hosted on the deep web. This means that they’re viewable in a regular internet browser, but the content is not indexed by Google and other conventional search engines. Users must use the site’s internal keyword search tool to find specific content, or get paste links directly from other users.

What Kind Of Data Has Been Leaked On Pastebin?

Not all of the leaks have made the news – but here are a few that did make the news

Google vs. Facebook

May 2011 sparked the highest period of traffic volume to Pastebin after a user posted email correspondences between a Facebook-backed PR agency and Chris Soghoian – an internet security blogger.

In these messages, the agency declined to disclose their client at the time – Facebook – and instead pitched an anti-Google piece focused on causing disruptions regarding their privacy standards.

Infragard

LulzSec, a hacker group, leaked the user base of Ingragard which was an FBI affiliate located in Atlanta. On Pastebin they shared 180 of the users logins, exposing their credentials and email communications that revealed very specific and sensitive intelligence regarding intended U.S. Operations to control Libyan cyberspace.

Ring

Data specific to over 3,000 sold cameras including emails, passwords and user data were shared in December 2019. This data made it possible for a number of attacks focused on accessing customer addresses, camera footage and financial information.

Sony Pictures

One of the most publicized of all the breach disclosures – Sony’s computer systems were hacked in October 2014 by a group known as Guardians of Peace.

This breach disclosed a huge amount of data, including over a million records for employee information, upcoming movie details, specific music codes and financial details.

So – Pastebin is Good and Bad

While some may not agree – the ultimate purpose of Pastebin and similar paste sites are legitimate and good, while with any good thing there will be those who will try to find a way to work the system.

Share your code, help your friends and enjoy the many thing that Pastebin offers all while understanding that some of that data could fall into the wrong hands – so be careful with it as well.

Leave a Reply

Your email address will not be published. Required fields are marked *