Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A collection of 1.4 Billion Plain-Text leaked credentials is available online

A 41-gigabyte archive containing 1.4 Billion credentials in clear text was found in dark web, it had been updated at the end of November. Another monster data dump was found online, the huge archive contains over 1.4 billion email addresses, passwords, and other credentials in clear text. The huge trove of data, a 41-gigabyte archive, has been […]

data leak

A 41-gigabyte archive containing 1.4 Billion credentials in clear text was found in dark web, it had been updated at the end of November.

Another monster data dump was found online, the huge archive contains over 1.4 billion email addresses, passwords, and other credentials in clear text.

The huge trove of data, a 41-gigabyte archive, has been found online on December 5 by security shop @4iQ.

According to 4iQ founder and chief technology officer Julio Casal, the archive is the largest ever aggregation of various leaks found in the dark web to date.

“While scanning the deep and dark web for stolen, leaked or lost data, 4iQdiscovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date.” reads a post published by 4iQ on Medium.

“None of the passwords are encrypted, and what’s scary is the we’ve tested a subset of these passwords and most of the have been verified to be true.”

1.4 Billion Plain-Text leaked credentials

The 41-gigabyte file had been updated at the end of November, it aggregates data from a collection of 252 previous data breaches and credential lists.

It is still unclear who collected this data, the unique information we have at this time is the Bitcoin and Dogecoin wallet details left for donations.

Collector organized and indexed data alphabetically, the total amount of credentials is 1,400,553,869.

“The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records.” continues Julio Casal.

“This new breach adds 385 million new credential pairs, 318 million unique users, and 147 million passwords pertaining to those previous dumps.”

Digging the archive, it is possible to verify that users continue to use weak passwords, the top password is still 123456, followed by 123456789, qwerty, password and 111111.

Not only … the expert observed that users tend to reuse the same passwords for multiple online services.

“Since the data is alphabetically organized, the massive problem of password reuse — — same or very similar passwords for different accounts — — appears constantly and is easily detectable.” states the post.

The researchers highlighted that 14% of exposed credentials are new and in clear text.

“We compared the data with the combination of two larger clear text exposures, aggregating the data from Exploit.in and Anti Public. This new breach adds 385 million new credential pairs, 318 million unique users, and 147 million passwords pertaining to those previous dumps.” continues the expert.

As usual, let me suggest avoiding password reuse on multiple sites and of course use strong passwords.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – 1.4 Billion Plain-Text leaked credentials, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]