Massive Dark Web database containing 1.4bn clear text credentials unearthed


Researchers have discovered a mammoth 41GB database on the Dark Web that contains up to 1.4 billion clear text credentials obtained via as many as 252 previous exploits.

The database on the Dark Web offers an alphabetically-arranged credentials directory to allow fast searches and is regularly updated with fresh details.

Security researchers at 4iQ recently stumbled upon the world’s largest breached credentials database on the Dark Web that contained as many as 1.4 billion clear text credentials that were obtained by hackers by conducting hundreds of cyber-attacks.

All passwords in the database are in clear text and none of them is encrypted, thereby signifying how easily hackers have been able to obtain or steal passwords of millions of users in the past. The database includes stolen credentials aggregated from dumps like and Anti Public, as well as 385 million new credential pairs and 318 million unique users.

‘The breach is almost two times larger than the previous largest credential exposure, the combo list that exposed 797 million records,’ says Julio Casal, founder of @4iQ.

‘This dump aggregates 252 previous breaches, including known credential lists such as Anti Public and, decrypted passwords of known breaches like LinkedIn as well as smaller breaches like Bitcoin and Pastebin sites,’ he adds.

Casal also found that hackers who have been maintaining the mega-database on the Dark Web have been quite meticulous in their approach. Not only have they managed to bring together stolen credentials from hundreds of breaches on a unified platform, but are also offering alphabetically-arranged credential lists and advanced search tools to make it easier for hackers to choose their victims.

At the same time, researchers at 4iQ also found that the database included details about passwords being used by the same individuals for different accounts. After going through the database, the researchers found that the password ‘123456’ was used by 9.2 million users, ‘123456789’ was used by 3.1 million users, and ‘qwerty’ was used by 1.6 million users.

Other commonly used passwords were ‘password’, ‘111111’, ‘12345678’, ‘abc123’ and ‘password1’. ‘This experience of searching and finding passwords within this database is as scary as it is shocking. Almost all of the users we’ve checked have verified the passwords we found were true,’ said Casal.

‘The idea of all of our stolen or breached data, being collated into an easy to search, super database for anyone with the required access to view should be shocking, but sadly it is not. With one of our biggest failings being password reuse, it makes perfect sense for bad actors to collate all of this data for later use,’ says Mark James, Security Specialist at ESET.

‘With so many online accounts owned by each of us, it may be quite hard to determine what accounts we have (and forgotten about) and which ones contain data. With each breach that happens, the data that’s stolen may show patterns and trends in our password practices - if we are forced to change passwords regularly, it may show our thought processes that could enable an attacker to utilise that data for later attacks.

‘One of the concerns as always, is the amount of simple and common passwords that are commonly used, with passwords like “123456”, “password” and “qwerty” showing up - they should simply never ever be used in any circumstances,’ he adds.

Copyright Lyonsdown Limited 2021
