A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credential Pairs (username + password). Right now, an unsophisticated or newbie hackers can access the largest trove ever of sensitive credentials in an underground community forum. Has the cybercrime epidemic about become exponentially worse?
4iQ, scanning the deep and dark web for stolen, leaked or lost data, has discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date. None of the passwords are encrypted. Most of the tested subsets of these credentials have been validated (true and working).
The previous largest credential breach exposed 797 million records. This dump aggregates 252 previous breaches, including known credential lists (like Anti Public and Exploit.in), decrypted passwords of known breaches (LinkedIn, Bitcoin, Pastebin, PayPal, Netflix, Amazon, etc).
The 41GB dump was found on 5th December 2017 in an underground community forum. The database was recently updated with the last set of data inserted on 11/29/2017. The total amount of credentials (usernames/clear text password pairs) is 1,400,553,869. There is no indication of the author of the database and tools, although Bitcoin and Dogecoin wallets are included for donation.
Read more on: MEDIUM.