A Collection of 1.4 Billion Clear Text Leaked Passwords Found on the Dark Web

In recent years, high-profile breaches have resurfaced in the media involving popular websites and online services and it’s very likely that some of your accounts have been impacted. It’s also likely that your credentials are listed in a massive file that’s floating around the underground community forum. Now even unsophisticated and newbie hackers can access the largest trove ever of sensitive credentials in the Dark Web.

While scanning thousands of dark web sites, hacktivism forums, and black markets for stolen credentials, leaked personal information, 4iQ discovered a single 41-gigabyte file with a database of 1.4 billion clear text credentials. It is the largest aggregate database found in the dark web up to date.

Though none of the passwords are encrypted but what’s scarier is when 4iQ tested a subset of these passwords, most of them have been verified to be true.

The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records. This dump aggregates 252 previous breaches, including known credential lists such as Anti Public and Exploit.in, decrypted passwords of known breaches like LinkedIn as well as smaller breaches like Bitcoin and Pastebin sites.

This is not just a list. It is an aggregated, interactive database that allows for fast searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.

This database makes finding passwords faster and easier than ever before. As an example searching for “root,” “admin” and “administrator” returned 226,631 passwords of admin users in a few seconds.

While 4iQ still processing the data, they gave technical details of their initial findings, including:

  • Sources of the Data
  • Details about the Dump File
  • Data Freshness
  • Discoveries regarding Credential Stuffing and Password Reuse

Source of the Data

The dump includes a file called “imported.log” with 256 corpuses listed, including and with added data from all those in the Exploit.in and Anti Public dumps as well as 133 addition or new breaches.

Last breaches added to the database

Details about the Dump File:

The 41GB dump was found on 5th December 2017 in an underground community forum. The database was recently updated with the last set of data inserted on 11/29/2017. The total amount of credentials (usernames/clear text password pairs) is 1,400,553,869.

There is no indication of the author of the database and tools, although Bitcoin and Dogecoin wallets are included for donation.

The data is structured in an alphabetic directory tree fragmented in 1,981 pieces to allow fast searches.

Data is fragmented and sorted in two and three level directories

Data Freshness

Although the majority of these breaches are known within the Breach and Hacker community, 14% of exposed username/passwords pairs had not previously been decrypted by the community and are now available in clear text.

4Iq compared the data with the combination of two larger clear text exposures, aggregating the data from Exploit.in and Anti Public. This new breach added 385 million new credential pairs, 318 million unique users, and 147 million passwords pertaining to those previous dumps.

Credential Stuffing and Password Reuse

Since the data is alphabetically organized, the massive problem of password reuse — — same or very similar passwords for different accounts — — appears constantly and is easily detectable.

A couple of the constant examples of password reuse that can be found:

Top Passwords

The list of top 40 Passwords and volume found:

Jahnavi M
Vulnerability analyst, Technical Writer, Security Blogger, Co-founder---SecKurity

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: