SPECIAL STATE PROTECTION SERVICE
SPECIAL COMMUNICATION AND INFORMATION
SECURITY STATE AGENCY

COMPUTER EMERGENCY
RESPONSE CENTER

Report Incident

News > 1.4 Billion Clear Text Credentials Discovered in a Single Database

14 Dec 2017

Now even unsophisticated and newbie hackers can access the largest trove ever of sensitive credentials in an underground community forum. Is the cyber crime epidemic about become an exponentially worse? While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date. None of the passwords are encrypted, and what’s scary is the we’ve tested a subset of these passwords and most of the have been verified to be true. The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records. This dump aggregates 252 previous breaches, including known credential lists such as Anti Public and Exploit.in, decrypted passwords of known breaches like LinkedIn as well as smaller breaches like Bitcoin and Pastebin sites.

This is not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover. This database makes finding passwords faster and easier than ever before. As an example searching for “admin,” “administrator” and “root” returned 226,631 passwords of admin users in a few seconds. The data is organized alphabetically, offering examples of trends in how people set passwords, reuse them and create repetitive patterns over time. The breach offers concrete insights into password trends, cementing the need for recommendations, such as the NIST Cybersecurity Framework. While we are still processing the data, below are the technical details of our initial findings, including:

  • Sources of the Data
  • Details about the Dump File
  • Data Freshness
  • Discoveries regarding Credential Stuffing and Password Reuse

Source of the Data

The dump includes a file called “imported.log” with 256 corpuses listed, including and with added data from all those in the Exploit.in and Anti Public dumps as well as 133 addition or new breaches. Some examples of the breaches listed the file we found:

1_QE5WX5CPfppjPxlt82sdnQ

More Analysis, Stay Tuned

This experience of searching and finding passwords within this database is as scary as it is shocking. Almost all of the users we’ve checked have verified the passwords we found were true. Most reactions were

but that’s an old password…

commonly followed by an

Oh my god! I still use that password in <this> site…

a few seconds later.

4iQ’s mission is to protect your digital identity in the new data breach era by scanning the surface, social and deep and dark web.

We will be following up with more information soon and will provide solutions to protect consumers and companies from this and other alarming exposures.