A hacked password database used by cybercriminals has been found on the dark web by 4iQ. It contains a staggering 1.4 billion clear text credentials. But it’s not just a list; it’s an interactive database that lets people run searches and import new passwords. This makes it easier for criminals to automate account hijacking.
The Hack
The database makes it quick and easy to find passwords. In one example, a search for “admin,” “administrator,” and “root” returned 226,631 passwords in a few seconds. The file, coming in at 41 GB, was found on December 5, 2017, in an underground community forum. The last update to the database was on November 29, 2017.
The creator of the database has not been found, but Bitcoin and Dogecoin wallets are included for donations. The passwords are alphabetically organized, which makes it easy to see how many people reuse the same password for multiple accounts. A list of the top 40 most used passwords was given.
Research into the database is still ongoing, with 4iQ posting a few updates yesterday.
What You Can Do
The best thing you can do is use a password manager. We’ve talked about using 1Password before. A password manager makes it easy to store the credentials for all of your online accounts. Plus, such tools have password generators to help you create a different complex password for each account.
621,078 people use the password “homelesspa”? What does that mean?