December 18, 2017

4iQ Discovers 1.4 Billion Clear Text Credentials in a Single Database

New Credential Breach Validates the Need for Password Management and Guidelines to Prevent Account Takeover

Now, even unsophisticated and wannabe hackers can access the largest trove ever of sensitive credentials in an underground community forum. Is the cybercrime epidemic about become an exponentially worse? And what can we do to protect ourselves?

While scanning the deep and dark web for stolen, leaked or lost login data credentials, 4iQ discovered a single database of 1.4 billion clear text credentials – the largest aggregate database found in the deep web to date.

None of the credentials are encrypted, and what’s unique – and dangerous – about this breach is that it makes finding reused passwords from such a massive database easier than ever before.

“Anyone who wants to can simply open it up, do a quick search, and start trying to log into other people’s accounts,” writes Lee Matthews in a Forbes piece.

This is not just a list. It is an aggregated, interactive database that allows for fast search (one second response per search) and database imports of clear text passwords. The data is organized alphabetically, offering concrete insights into password trends and cementing the need for guidance, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

International Business Times reporter Hyacinth Mascarenhas comments, “As expected, the database also exposed the common but dangerous tendency of people to reuse the simple, easy-to-remember passwords across different platforms.” This means hackers can automate account hijacking or account takeover.

The password standards of yesterday are no longer adequate today. We’ve known that we should be more cautious about changing passwords and using unique login credentials, but this is a prime example of why it’s so important. And for those who are still following old trends, it signifies why identity management systems that constantly monitor data in unknown places can be so significant in protecting identities.

HelpNet Security reminds us, “This is not the first data dump of this kind, and it won’t be the last.”

Read more details here.