The Daily Swig Web security digest

In the clear? 1.4bn data records found on the dark web

James Walker | 12 December 2017 at 11:16

Easily searchable database leads to fears that the cybercrime epidemic is about to become much worse.

In what’s thought to be the largest aggregate credential database ever discovered, researchers have found a massive haul of 1.4 billion clear text credentials sitting on the dark web.

While scanning the deep and dark web for stolen, leaked, or lost data, security researchers at 4iQ discovered a single, 41GB file containing billions of login credentials – complete with unencrypted passwords.

Discussing the team’s findings in a Medium post over the weekend, 4iQ founder Julio Casal said the interactive database allows for fast searches and new breach imports.

“Given the fact that people reuse passwords across their email, social media, eCommerce, banking, and work accounts, hackers can automate account hijacking or account takeover,” he said.

The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records.

According to Casal, the database would allow even novice hackers to access user accounts, leading to fears that the cybercrime epidemic is about to become much worse.

“What’s scary is that we’ve tested a subset of these passwords and most of the have been verified to be true,” he noted.

“The breach offers concrete insights into password trends, cementing the need for recommendations, such as the NIST Cybersecurity Framework.”