Security experts found a huge database containing over a billion unencrypted user credentials on the dark web.
Just last week, a massive 41-gigabyte file was found by security researchers from the California-based identity threat intelligence company, 4iQ, being circulated on the Dark Web. The said file contains a staggering 1.4 billion user credentials that are in plain-text.
Indeed, in this age where identity theft and hacking are rampant, nothing should horrify you more than to know that your online credentials might have been compromised and are out there, waiting to be exploited by faceless cybercriminals.
Reports said that 4iQ researchers have spent days monitoring various Dark Web sites, hacker forums, and online black markets for leaked or stolen information. That’s when they stumbled upon the said file that has different combinations of unencrypted usernames and passwords.@4iQ researchers found a huge database of user credentials on the #DarkWebClick To Tweet
According to security researchers, the data from the file came from past breaches that were collected and combined into one large database. So, if any of your online accounts have been compromised in at least one of the numerous high-profile breaches involving popular websites these past years, it’s highly likely that your account information is in this newfound database.
Uncovering Billions of User Credentials
The researchers noted that the database is alphabetized and indexed, making it more convenient for anyone to search through billions of username and password combinations. The database was amassed from around 250 previously reported breaches which include popular websites such as LinkedIn, Netflix, Last.FM, MySpace, Zoosk, and YouPorn, as well as games like Minecraft and Runescape.
Julio Casal, founder and CTO of 4iQ, noted that the discovered file is the most massive aggregation of various leaks that’s ever been found in the Dark Web to date. They also found that around 14 percent of the passwords and usernames, roughly 200 million, had not previously been available in readily-usable decrypted form. Furthermore, upon testing, some of the passwords have been verified to be true.
“None of the passwords are encrypted, and what’s scary is that we’ve tested a subset of these passwords and most of the have been verified to be true.” ~ Julio Casal
“The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records,” Casal said. “This new breach adds 385 million new credential pairs, 318 million unique users, and 147 million passwords pertaining to those previous dumps.”
Risk of Using Weak Passwords and Re-Using Old Ones
While some of the breaches happened a few years ago, cybercriminals still have good chances of accessing personal accounts because of people’s lousy habit of using easy and common passwords or re-using their old ones.
A thorough examination of the file gave researchers a glimpse of some of the most commonly used passwords in the database. It includes passwords such as “123456,” “123456789,” “qwerty,” “password,” and “111111.”
The culprits behind the said file exposing billions of user credentials are still unknown. However, they left Bitcoin and Dogecoin wallet addresses should anyone wanted to donate to their alleged efforts.
We strongly suggest that you double check all your online user credentials and make the necessary password changes to prevent potential hacking attacks.