Searchable Database of 1.4 Billion Stolen Credentials Found On Dark Web

YVRGeek shares a report from IT World Canada: A security vendor has discovered a huge list of easily searchable stolen credentials in cleartext on the dark web, which it fears could lead to a new wave of cyber attacks. Julio Casal, co-founder of identity threat intelligence provider 4iQ, which has offices in California and Spain, said in a Dec. 8 blog his firm found the database of 1.4 billion username and password pairs while scanning the dark web for stolen, leaked or lost data. He said the company has verified at least a group of credentials are legitimate. What is alarming is the file is what he calls "an aggregated, interactive database that allows for fast (one second response) searches and new breach imports." For example, searching for "admin," "administrator" and "root" returned 226,631 passwords of admin users in a few seconds. As a result, the database can help attackers automate account hijacking or account takeover. The dump file was 41GB in size and was found on December 5th in an underground community forum. The total amount of credentials is 1,400,553,869.

Re:Sheesh

[Sarten-X]

The best I know of is https://haveibeenpwned.com/. You can search for a single email address, or set up monitoring for your domains.

If this collection has email addresses, I wouldn't be too surprised to find it added to the collection there.

Re:My Password is still good though?

[Agret]

I have a copy of my database on my phone. I use Keepass2Android and this USB keyboard plugin - https://play.google.com/store/... It makes it so you can plug your phone into the computer and it will be detected as a USB keyboard and then auto type your passwords in for you, no software required on any computer and no chance of your database being compromised on an untrusted PC.