Home » Topics » Cybersecurity » Security researchers discover HUGE database on Dark Web

Security researchers discover HUGE database on Dark Web

Avatar photoby Nick Ismail

In what might be the largest discovery of its kind. Security researchers have potentially identified the single largest aggregate database found on the Dark Web. Within this floating database are 1.4 billion clear text credentials – including usernames and passwords – which are not from a one new breach, but a compilation of 252 previous breaches.

Researchers from 4iQ found this 41GB database, while scouring the dark web for stolen, leaked or lost data.

According to 4iQ, the passwords came from credential lists like Anti Public, Exploit.in, as well as dumps from LinkedIn, MySpace, Netflix, Bitcoin, Pastebin, Last.FM, Zoosk, YouPorn, Badoo, RedBox and games such as Minecraft and Runescape.

>See also: Why the Uber hack is much more worrying than people first thought

“None of the passwords are encrypted, and what’s scary is that we’ve tested a subset of these passwords and most of the have been verified to be true,” said Julio Casal, founder of 4iQ. “The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records.”

Yet another security warning for organisations

 

Lisa Baergen, director at NuData Security, said that “this discovery, together with looming GDPR-related liabilities for the exposure of personally identifiable information (PII), is a crystal-clear warning to organisations to revisit and tighten up their security systems, as one of their top priorities. In particular, companies that rely on static data to authenticate their customers have to migrate to solutions that allow them to circumvent the dependence on this overly exposed static data.”

>See also: Darknet Market still open for business

“Companies need to adopt technologies that look beyond PII and evaluate the user’s biometrics. When companies authenticate their customers with more than just static data, they are not exposed to the risks that databases such as this one pose to them.”

“Passive biometrics monitors behaviour such as how the users hold the device, what fingers they use, and how fast they type, that can’t be replicated by a bad actor. This provides a holistic and accurate view of who the person – or machine – behind the device is.”

“With a stronger multi-layered authentication solution that looks at the human – instead of just at the static data – companies can easily prevent account takeover attempts that use PII from the dark web.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Dark Web
Data Breach

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise