1.4 Billion Passwords Circulating on Dark Web

A new collection of 1.4 billion usernames and passwords has been discovered, circulating on the dark web. According to researchers, the collection is believed to be an amalgamation of usernames and passwords from previous hacks as well as information from new breaches.

The ease of accessibility and use of the collection represents a major security risk because many individuals use the same username and password across multiple websites. So hackers can take a username-password combination that was stolen from one website and attempt to use it for accessing services on other websites. Unless users change their credentials regularly or always have different credentials for the websites they visit, the existence of this collection will likely lead to further data theft, possibly undetected. "None of the passwords are encrypted, and what's scary is that we've tested a subset of these passwords and most of the have been verified to be true" researchers said.

The collection is believed to include credentials that were collected during previous hacks of Bitcoin, Pastebin, LinkedIn, MySpace, Netflix, YouPorn, Last.FM, Zoosk, Badoo, RedBox, games like Minecraft and Runescape, and credential lists like Anti Public, Exploit.in. So it is likely that the collection will provide fertile ground for hackers wishing to exploit the credentials on other websites.

Read more...