Password security is essential when it comes to safe surfing. Without it, all of your online accounts become easily accessible by hackers, and crooks are always hoping that people will re-use passwords or think of the most common codes (like, password123).
Billions of passwords exposed: some of them from old breaches, but not all
Researchers from 4iQ published an article on 8th of December, warning Internet surfers that their group of analysts discovered a massive resource center for cybercriminals. Even an amateur hacker or a curious enthusiast had the chance of exploring a disturbing number of credentials, enumerated in a plain sight, without any encryption or protection.
One of the underground forums on the dark web stored this information and the detected mystery has been referred to as “the largest aggregate database found in the dark web”. Basically, this is a library, storing a huge variety of passwords to choose from. In our opinion, it is a hackers’ dream come true.
But where did this data come from? From the experts’ opinion, the information was uploaded from an imported.log file. The whole publicized information is estimated to be about 41GB. It appears that the list contains previously exposed credentials. In other words, information from a variety of breaches is included into the disturbing post. Therefore, hackers are able to browse this catalogue without a care in the world.
It is unknown who made this list of passwords, but the hacker includes a Bitcoin and Dogecoin wallets for donation. So, a crook wants to receive some money from the other hackers he/she helps?
Even though some of the passwords come from previous data breaches, there are some new credentials exposed as well. According to the analysis, 385 million new credential pairs, 318 million unique users and 147 million passwords are included into the list as “new info”.
Much to our disappointment, majority of the passwords are not that difficult to guess in the first place. The most popular code was 123456 and it was exploited by 9218720 people. In the forth place (1313464 people) used the code “password”. One of the interesting mentions could be the passwords “homelessspa”, used by 621078 people from the list.
Next time you are creating an account, make sure to create a unique and complicated code to protect your privacy. If you are having trouble remembering all the codes, use a password manager; it will help you keep track of all of your accounts.