Collection of 1.4 Billion Plain-Text Leaked Passwords Found Circulating Online
#1
[Image: password-reuse-list.png]



Hackers always first go for the weakest link to quickly gain access to your online accounts.

Online users' habit of reusing the same password across multiple services gives hackers the opportunity to use the credentials gathered from a data breach to break into their other online accounts.

Researchers from security firm 4iQ have now discovered a new collective database on the dark web (released on Torrent as well) that contains a whopping 1.4 billion usernames and passwords in clear text.

The aggregate database, found on 5 December in an underground community forum, has been said to be the largest ever aggregation of various leaks found in the dark web to date, 4iQ founder and chief technology officer Julio Casal noted in a blog post.

Though links to download the collection had already been circulating online over dark-web sites for the last few weeks, it gained more exposure when someone posted it on Reddit a few days ago, from where we also downloaded a copy and can now verify its authenticity.

Researchers said the 41GB massive archive, as shown below, contains 1.4 billion usernames, email, and password combinations—properly fragmented and sorted into two and three level directories.

The archive had been last updated at the end of November and didn't come from a new breach—but from a collection of 252 previous data breaches and credential lists.


[Image: data-breach-password-list.png]

The collective database contains plain text credentials leaked from Bitcoin, Pastebin, LinkedIn, MySpace, Netflix, YouPorn, Last.FM, Zoosk, Badoo, RedBox, games like Minecraft and Runescape, and credential lists like Anti Public, Exploit.in.

"None of the passwords are encrypted, and what's scary is that we've tested a subset of these passwords and most of them have been verified to be true," Casal said. "The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records."

"This new breach adds 385 million new credential pairs, 318 million unique users, and 147 million passwords pertaining to those previous dumps."

The database has been neatly organized and indexed alphabetically, too, so that would-be hackers with basic knowledge can quickly search for passwords.

For example, a simple search for "admin," "administrator" and "root," returned 226,631 passwords used by administrators in a few seconds.

Although some of the breach incidents are quite old, with stolen credentials circulating online for some time, the success ratio is still high for criminals, due to users' lousy habit of re-using their passwords across different platforms and choosing easy-to-use passwords.

The most common yet worst passwords found in the database are "123456", "123456789", "qwerty," "password" and "111111."


[Image: worst-password-list.png]

It is still unclear who is responsible for uploading the database on the dark web, but whoever it is has included Bitcoin and Dogecoin wallets for any user who wants to donate.

To protect yourself, you are strongly advised to stop reusing passwords across multiple sites and always keep strong and complex passwords for your various online accounts.

If it's difficult for you to remember and create complex passwords for different services, you can make use of the best password manager. We have listed some good password managers that could help you understand the importance of such a tool and choose one according to your requirements.


source: www.thehackernews.com
Reply
#2
Thanks for the info. 
Well, what to say, you need to frequently change the passwords, make them difficult to crack and use a reliable password manager.
Reply
#3
(12-14-2017 , 09:11 AM)kubik67 Wrote: Thanks for the info. 
Well, what to say, you need to frequently change the passwords, make them difficult to crack and use a reliable password manager.

I don't like password managers in the cloud; I'm a little paranoid with these key management programs. Will they be reliable, safe? Oh no, I would only trust it if the password manager was offline and with local backups.
Reply
#4
I never use password managers.
Reply
#5
Just using a notepad .txt for all my passwords :D
Reply
#6

Likewise with notepad, but stored on a protected USB drive.
Reply
#7
From what I have seen, no cloud data service is safe. In general, humans are always making mistakes or being careless. The services also carry errors inherited from their designers. In their sales promotion they promise to be very efficient, in this case they claim to be impenetrable and unbreakable, and they always end up violated by some hacker, for example: structural security systems, alarms, security cameras, biometric systems (fingerprint sensor readers), anti-spyware, firewalls. When it becomes totally common for everyone to have their keys saved in those managers, the hackers will attack those data centers or the password manager on your computer, or the employees themselves won't resist the temptation to steal, just as with the pyramids of ancient Egypt: when they buried the Pharaohs along with their riches, the only ones who knew how to avoid the traps inside the pyramids were the builders and masons, who looted the pyramids at night.

My question is: how many security violations appear every day?
And where were our programs that we trust so much?
Apparently the hackers are more advanced than any protection.
That's why the phrase was born: zero-day.
Reply

