Security researchers have discovered a database on the dark web that contains 1.4 billion usernames and passwords in clear text. This is said to be the largest aggregate credential database ever found.
The most recent update came at the end of November and did not contain information from a new breach, but rather information from a collection of all previous 252 data breaches and credential lists.
The collection is said to contain data from Bitcoin, Pastebin, LinkedIn, MySpace, Netflix, YouPorn, Last.FM, Zoosk, Badoo, RedBox, and credential lists like Exploit.in. Although some of this information may be outdated, it still provides malicious actors with a large pool of known credentials to work with in any future attacks.
For instance, the database is organized alphabetically and a search for “Admin,” “administrator,” and “root” returns 226,631 different passwords.
“This type of information is why we always stress never using the same password across multiple different platforms and always use a strong complex password,” said Shawn Pope, Security Analyst at Nuspire Networks.
Pope also recommends utilizing a password manager like LastPass, as it provides an easy way to store complex passwords for different websites and applications.