Huge database of 1.4 BILLION hacked usernames and passwords found for sale on the Dark Web


Security experts have discovered a database containing more than one billion email addresses, usernames and passwords for sale on the Dark Web.

The discovery was made by cyber security firm 4iQ who say the sensitive data is available unencrypted and in alphabetical order meaning it is easy for anyone to search.

Security experts say the data, which totals 41GB has been aggregated from 252 previous high profile hacks.

The data is thought to include login details from the likes of LinkedIn, MySpace and LastFM, as well as other popular sites such as Gmail and PayPal.

The database also includes user credentials from Netflix, which could have been obtained during recent email scams which tricked users into handing over their account details.

Commenting on the discovery database, Julio Casal, founder of 4iQ said:

“None of the passwords are encrypted, and what’s scary is that we’ve tested a subset of these passwords and most of the have been verified to be true.

“This is not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports.

“Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.

“This database makes finding passwords faster and easier than ever before. As an example searching for “admin,” “administrator” and “root” returned 226,631 passwords of admin users in a few seconds.”

4iQ also published the the top 40 passwords that make up the data breach – and it makes for painful reading.

The security firm found that “123456” was the most common password, used on some 9.2 million accounts.

Other passwords to feature in the top 10 include “123456789”, “qwerty”, “password”, “111111” and “abc123”.


Comments are closed.