Login details, including username, password and e-mail credentials for some 1.4billion accounts, have been published in a database on the Dark Web.
The staggering amount of sensitive information is available unencrypted and indexed alphabetically, so it is easy to access and search through.
The data breach was discovered by security researchers at 4iQ, and the terrifying database on the Dark Web has a hefty 41GB file size.
Cyber security experts 4iQ said the credential breach aggregated 252 previous breaches.
It includes decrypted passwords from previously known breaches such as LinkedIn, as well as smaller breaches for Bitcoin and Pastebin sites.
A screenshot of some of the files found in the data breach was published by 4iQ.
Some of the file names listed mentioned Netflix, Gmail, LastFM, MySpace and PayPal.
PayPal’s recently acquired payment processor TIO Networks this month revealed that 1.6million customers had information stolen in a data breach.
Netflix, meanwhile, was recently the target of a scam e-mail that tried to trick users into handing over their login and password details.
And earlier this year it emerged that over a million login credentials for Gmail and Yahoo accounts were being sold on the Dark Web.
Speaking about the database of 1.4billion login credentials, Julio Casal, founder of 4iQ, said: “None of the passwords are encrypted, and what’s scary is that we’ve tested a subset of these passwords and most of them have been verified to be true.”
Casal added: “This is not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports.
“Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.
“This database makes finding passwords faster and easier than ever before. As an example, searching for ‘admin,’ ‘administrator’ and ‘root’ returned 226,631 passwords of admin users in a few seconds.”
Passwords found in the credential breach were analysed by 4iQ, and the findings underlined how important strong passwords are.
They published the top 40 passwords found within the data breach, and a large number of these passwords are easy to hack and guess.
The top password choice, used by more than 9.2million accounts, was 123456.
Here are the top five passwords with the number of accounts that used them:
1. Password: 123456 – 9.2million accounts
2. Password: 123456789 – 3.1million accounts
3. Password: qwerty – 1.6million accounts
4. Password: password – 1.3million accounts
5. Password: 111111 – 1.2million accounts
As mentioned above, much of the data in the massive credential breach is from old breaches.
However, 4iQ found 14 per cent of usernames and passwords had not been available before in decrypted form.
If you’re concerned about whether any of your accounts could have been compromised, it’s not too late to follow good password practice.
You should always use a unique password for each one of your online accounts.
This means that – should one of your online accounts be compromised in an online leak or hack – hackers are not able to replicate the combination of your email and password to access other online logins.
A password manager is one way to generate and securely store unique passwords with letters, symbols and numbers.
Alternatively, one way to create a secure password is to take the first letter of each word in your favourite song lyric, phrase or poem and use those letters, which should appear like a random jumble of characters, as your password.