More Than 1 Billion Passwords on the Dark Web Including 123456 [source: itsecuritycentral]
by CIRT Team
A dump of 1.4 billion passwords – clear text passwords available in an aggregated, interactive database – was recently discovered online by 4iQ. While it might sound like more of the same, a couple of factors make this news both particularly concerning and sadly predictable.
Details of the Data
Here are a few details about what 4iQ discovered:
- The 41GB dump was found on December 5, 2017 in an underground community forum.
- The data is from several incidents and sources, including dumps from Netflix, Last.FM, LinkedIn, MySpace, and popular games like Minecraft and Runescape.
- While some data was previously available online, 14% of exposed username/password pairs had not previously been decrypted by the community and are now available in clear text.
Particularly concerning is how easy this data is to use for any would-be hacker. 4iQ reports that the interactive database allows for fast (one-second response) searches and new breach imports. Because people reuse passwords, hackers can automate account hijacking or account takeover.
The increase in cybercrime-as-a-service – with kits and technical support available via online marketplaces – means that it doesn’t take a tech genius to do damage using hacked data.