Pastebin — Public Pastes¶
What this is¶
Pastebin is the most well-known "one-click text sharing" service. Originally built for sharing logs and code snippets between developers, it became the standard venue for:
- Publishing database dumps after breaches.
- Sharing lists of compromised credentials.
- Coordination among hacker group members.
- Accidental drops of production config files ("just to show a colleague").
Why this matters¶
If your domain, corporate email, or fragment of internal code shows up in a public paste, it's almost always an incident. Either a dump after a breach, an insider leak, or a careless dev drop.
Response time is critical: a paste may live only hours before search engines index it and attackers find it. Once indexed, the leak becomes part of the public internet forever.
BCP Portal monitors new pastes in near real-time and alerts on matches against your keywords.
What we look for¶
- Mentions of your domain —
yourcompany.com,@yourcompany.com, subdomains. - Corporate emails from your DataSource list.
- Keywords — product name, brand, project codename.
- Generic secrets — even without an explicit link to you, AWS key, GitHub PAT, Stripe key patterns trigger an alert in case the keys are yours.
Severity¶
| Severity | Criteria |
|---|---|
| Critical | Paste contains your domain + words password, dump, database, credentials |
| High | Corporate email match or recognized secret |
| Medium | Domain or keyword mention without additional context |
| Low | Generic secret with no explicit tie to your resources |
What you see in the dashboard¶
A finding includes:
- The paste URL on Pastebin.
- A locally saved copy of the text — even if the paste disappears in an hour, you have evidence for investigation.
- What matched and where in the text — with ±3 lines of context.
- The paste author (if any) and publication date.
- Severity and recommended action.
How to connect¶
- Settings → Detection Sources → Pastebin.
- Confirm you have a Pastebin PRO account (required for scraping API access).
- If not — a link points to the PRO purchase page (~$50 lifetime).
- The first scan starts after confirmation.
Why Pastebin PRO
Pastebin has no public search API. Viewing new pastes in near-real-time requires their paid Scraping API. This is Pastebin's limitation, not ours.
Scan schedule¶
Pastebin publishes 10-50 new public pastes per minute. Recommended frequency — hourly for minimal lag between paste appearance and detection.
For critical DataSources (like your main brand's domain) you can configure scans every 15 minutes.
FAQ¶
Do you monitor pastebin clones — ghostbin, dpaste, paste.ee? Not yet — only pastebin.com. Other clones are on the roadmap.
What to do on a "our domain in a paste" finding? 1. Open the locally saved copy and figure out what it is: a dump from your system or just a passing mention? 2. If it's a dump — incident response, rotate credentials for all accounts in the dump. 3. File a takedown request with Pastebin (abuse form). 4. Trace how the data leaked (insider, breached system, dev error).
How many false positives? Low for domain/email matches — those are quite specific strings. Higher for generic secret patterns — worth attention only at High+ severity.