Hacked Password Database Found to Contain 1.4 Billion Credentials

A hacked password database used by cybercriminals has been found on the dark web by 4iQ. It contains a staggering 1.4 billion clear text credentials. But it’s not just a list, it’s an interactive database that lets people perform searches and imports of new passwords. This makes it easier for criminals to automate account hijacking.

Sample of the hacked password database

The Hack

The database makes it quick and easy to find passwords. In an example, a search was given for “admin,” “administrator,” and “root,” which returned 226,631 passwords in a few seconds. The file, coming in at 41 GB, was found on December 5, 2017 in an underground community forum. The last update to the database was on November 29, 2017.

The creator of the database has not been found, but Bitcoin and Dogecoin wallets are included for donations. The passwords are alphabetically organized, which makes it easy to see how many people reuse the same password for multiple accounts. A list of the top 40 most used passwords was given.

List of the top 40 most used passwords

Research into the database is still ongoing, with 4iQ posting a few updates yesterday.

What You Can Do

The best thing you can do is use a password manager. We’ve talking about using 1Password before. A password manager makes it easy to store all of your online accounts. Plus, such tools have password generators to help you create a different complex password for each account.

Share this post