Collection of 1.4 Billion Plain-Text Leaked Passwords Found Circulating Online

Hackers always first go for the weakest link to quickly gain access to your online accounts.
Online users habit of reusing the same password across multiple services gives hackers opportunity to use the credentials gathered from a data breach to break into their other online accounts.

Researchers from security firm 4iQ have now discovered a new collective database on the dark web (released on Torrent as well) that contains a whopping 1.4 billion usernames and passwords in clear text.

The aggregate database, found on 5 December in an underground community forum, has been said to be the largest ever aggregation of various leaks found in the dark web to date, 4iQ founder and chief technology officer Julio Casal noted in a blog post.

Though links to download the collection were already circulating online over dark-web sites from last few weeks, it took more exposure when someone posted it on Reddit a few days ago, from where we also downloaded a copy and can now verify its authenticity.

Researchers said the 41GB massive archive, as shown below, contains 1.4 billion usernames, email, and password combinations—properly fragmented and sorted into two and three level directories.

The archive had been last updated at the end of November and didn’t come from a new breach—but from a collection of 252 previous data breaches and credential lists.

source:https://thehackernews.com/2017/12/data-breach-password-list.html

How do we solve password leaks? Unfortunately, we don’t. What we can do, is prevent misuse of leaked passwords as much as possible.

How? Usage of a password manager which allows you to use unique complex passwords for every website. More information can be found here

But how do we prevent misuse of the information stored in the password manager? Connecting the password manager to a two-factor authentication solution.