A file containing 1.4 billion passwords that have not been encrypted (or clear text) are circulating on the Dark Web.
The file contains contains over 1,4 billions of email addresses, passwords and other credentials, all clear text, and discovered by the security company 4iQ.
The file has a size of 41 gigabyte and was discovered in December 5. It was updated at the end of last month, indicating that data is present and used by third parties. The identity of the hacker who posted them is not known, but left some evidence of any donations to Bitcoin and Dogecoin.
"None of the passwords are encrypted and what scares us is that we tried some of them and most of them work." said Julio Casal, founder of 4iQ. "The breach is almost double the previous largest leak, the list from Exploit.in which reported 797 million registrations."
The Exploit.in list is included in this dump, as are the files that have been reported to have been stolen before. But much of the data seems to be completely new.
See the pictures uploaded by medium.com
The security company tried to get in touch with some of the subscribers in the list, and many e-mail addresses turned out to be active, although in most cases passwords were no longer used.
But no matter how we do it, the size of the leak is a treasure for hackers, as all these passwords together are a first-class library for brute force attacks…