1.4 Billion hacked and leaked passwords found on the dark web

Written by Jack Whisker | 18-Dec-2017 10:06:50

1.4 billion hacked and leaked passwords have been collated in a single file that is currently sitting on the dark web. Security firm 4iQ, which discovered the file, says that rather than being a new breach, it is a collection of several previous breaches. None of the passwords are encrypted, and all the data has been put into a searchable, interactive database.

The 41GB file was discovered recently in an underground community forum and had been updated just days before being found. The database makes finding passwords faster and easier than ever before. 4iQ searched for the word ‘admin’, which produced 226,631 passwords of admin users in seconds. The data is organised so that anybody can search through it rapidly, and it even shows trends in how people set passwords and reuse them over time.

Analysis of the data found that weak and common passwords continue to be widely used and remain a huge problem for businesses and individual users alike. Shockingly, ‘123456’ and ‘qwerty’ are still the two most commonly used passwords, despite the push on cyber security by businesses over the last 12 months. Many of the websites the data covers, such as Netflix, LinkedIn and various dating sites, require card details, meaning that hackers can very easily gain access to someone’s home address, payment details and email address.

4iQ, the company that discovered this database, has published several findings from the data. In the majority of cases where one person has more than one account in the database, the same password is repeated across several accounts, while people changing their passwords over time by only one or two characters was also a common trend. 14% of the exposed username/password pairs had not previously been decrypted but now sit online in clear text.

You can read 4iQ’s full report here. They also offer a service: if you email verification@4iq.com with the subject ‘Password Exposure Check’, they will check the database and let you know if any of your passwords can be found.