Pastebin, the popular text pasting tool, has announced new measures on its use, which has left security researchers very unhappy. Cloud security course experts point out that Pastebin is widely used by ethical hackers and threat actors for publishing leaked code, data and personal information, and it is often too complicated to track users.
Although many considered it a simple tool for publishing text, Pastebin was consolidated as one of the most popular repositories on the Internet, although it is also widely used for exposing all kinds of illegally obtained content, including personal and business data filtered into incidents of data breaches and hacking. However, security researchers could also take advantage of Pastebin, using this platform as a starting point to find a threat actor.
While very useful in investigating cybersecurity incidents, it seems that Pastebin administrators are unwilling to keep cooperating with information security researchers. According to cloud security course specialists, multiple researchers began to complain, as they could no longer collect information from this platform using a special API; it is worth mentioning that Pastebin sells the permanent license to use this API for $50 USD.
By questioning the company via Twitter, the researchers got the worst possible answers: “This API has been discontinued due to abuse by third parties, conduct that is prohibited, and our current Terms and Conditions.” Apparently, Pastebin updated its terms and conditions a week ago, although the change went unnoticed by researchers, until now.
Previously, Pastebin’s usage policy allowed data collection for a variety of purposes: “Computer security professionals may collect public and non-personal information published on Pastebin for research and data archiving purposes. The collection for spam purposes and sale of personal information to recruiters, job bags, etc.” is prohibited. Instead, the new Platform Terms and Conditions have completely removed any reference to information collection, cloud security course specialists mentioned.
Multiple members of the cybersecurity community have tried to contact Pastebin, although so far they have received no response besides generic releases and some Twitter posts.
According to the International Institute of Cyber Security (IICS), this measure only encourages the use of Pastebin as a repository for the publication of illegally obtained information, as well as hindering the hard work of independent law enforcement agencies and security researchers.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.