Comment by wswope

2 months ago

Say you’re a blackhat OSINTer trying to steal crypto. You have a first initial and a last name for a target (“J. Smith”) - plus you know this person is on github and discord.

You take out your handy email list and run a regex to find candidate accounts that match “J Smith”. You pipe matches into a recon script to check if github and discord accounts exist for each email. Suddenly, you’ve got a small pool of matches. You try more account-existence recon to find all the sites they’re signed up on. You look up all breached creds tied to the target emails, then run cred stuffing against any sensitive services they’ve signed up for.

Boom, you’ve gone from first initial + last name to compromising an account in thirty minutes.

Surely the key part of this is "this person's email address and password have been published online together" rather than "I can identify this person's email address."