A data dump containing over 1.4 billion email addresses, passwords, and other credentials, all in clear text, has been found online by security shop @4iQ giving us insight into the fact that many people haven't gotten the password memo.



According to The Register the file is 41 GIGABYTES and discovered on December 5 and as recently updated as the end of last month November leading us to assume the data is current and being used by third parties. We don't know who leaked it, but the thief is taking Bitcoin and Dogecoin wallet donations.

@4iQ has said:

A database of 1.4 billion user passwords has been discovered on the dark web, paving the way for what security experts expect to be a “cybercrime epidemic.”...

Dark web monitor Julio Casal described the database in a blog post as easy-to-access and interactive, meaning “even unsophisticated and newbie hackers” can exploit it...

The accessibility of the data published on the dark web means “even unsophisticated and newbie hackers” can take advantage of it.

Security researchers have called the 41GB database a “treasure trove” for cybercriminals, especially considering how easy it is to search the data.

By searching for usernames or email addresses across different breached websites, criminals could search for password patterns that could be used to access other accounts.

As mentioned, the archive shows that years of advice on choosing strong passwords are still being ignored. The top password is still 123456, followed by 123456789, qwerty, password and 111111. Following those top five, we are finding variations that make using those five still easy to guess.

@4iQ contacted many email addresses finding them still active, but noting many had changed their passwords.

Probably to 123456!