A security vendor has discovered a massive searchable database of 1.4 billion stolen credentials on the dark web, according to a report.
This week, IT World Canada reported that the database, which contains 1.4 billion usernames and passwords, “could lead to a new wave of cyber attacks.”
According to the report, the database “allows for fast (one-second response) searches and new breach imports.”
“For example, searching for ‘admin,’ ‘administrator’ and ‘root’ returned 226,631 passwords of admin users in a few seconds,” they explained. “As a result, the database can help attackers automate account hijacking or account takeover.”
IT World Canada also reported that, “Among other things the database shows how some people still re-use passwords on many sites. For example, one person may have thought they were being safe by using an uncommon ten digit password – but used it on six email addresses.”
The database showed that “123456” had been used by 9,218,720 users as a password, while “qwerty” and “password” were both used over 1,000,000 times.
Other passwords that were commonly used included, “111111,” “abc123,” “iloveyou,” “qwertyuiop,” “123,” “dragon,” and “monkey.”
Last year, it was reported that data from Yahoo’s “one billion user account hack was sold a number of times” on the dark web, while in April, it was revealed that merchants on the dark web were selling nude photos of female Marines from the Marines United scandal.