December 12, 2017 by

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of 1.4 million login credentials including emails and passwords – in clear text.

The cache, accumulated from various sources and breaches, is believed to be the largest of its kind. They are believed to be collected from several credential lists including Anti Public and Exploit.In, as well as other dumps from prominent data breaches at LinkedIn, MySpace, Netflix, Bitcoin, Pastebin, Last.FM, Zoosk, YouPorn, Badoo, RedBox, Minecraft and Runescape.

Researchers deemed it the largest aggregate database found in the dark web to date. Alarmingly, they added:

None of the passwords are encrypted, and what’s scary is the we’ve tested a subset of these passwords and most of the have been verified to be true.

Just as menacingly, the cache isn’t just a list. Rather, it makes for an aggregated interactive database that allows the malicious user to instantaneously search for passwords and new breach imports. The data is also organized alphabetically, revealing trends in how people form, reuse and create repetitive passwords over time.

“Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover,” researchers wrote.

The 41GB dump was discovered on 5th December 2017 in an underground community forum. The database continues to be updated, with the last set of data inserted on 11/29/2017, bringing the total amount of credentials (usernames/clear text password pairs) to 1,400,553,869.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Data Breach: Florida Warns of 30,000 Medical Records Leak Due to Phishing

Florida’s health agency has warned of a data breach that may have exposed the data of up to 30,000...

Read more arrow_forward

India’s National ID Database of 1.2 Billion People Breached for $8

An Indian news publication has reported that the government’s biggest citizen database, a register...

Read more arrow_forward

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward