Researchers were extremely shocked when they recently found a massive repository of stolen credentials on the dark web.
The dark web has become a place for hackers to sell sensitive data such as account login details, artifacts and weapons they have obtained through illegal means.
While this is a known fact, it was earlier this month when a massive database of user information surfaced on the dark web.
A huge data breach has been discovered, which confirmed that clear text data with data belonging to 1.4 billion users has been published on the dark web.
The term "clear text" confirmed that the usernames and passwords found were not encrypted. Anyone who gains access to this database can choose to access the website to tamper data, steal money and conduct other illegal activities through the database.
The dark web database weighed in at 41 gigabytes. It also included 252 breaches that involved popular websites like LinkedIn and Pastebin.
Weak Password Habits
The leak was found by Julio Casal, who is the founder and the CTO of identity threat intelligence firm 4iQ.
Casal commented that the repository he found was not just a storage bin, but it actually had much more to it.
He stated that it was more than a simple storage bin because the hackers have programmed the system in such a way that anyone who has access to it can search for the particular username they need within a second.
They can also choose to add new entries to the database, helping it grow in size.
Apart from this information, the security researcher further revealed a scary reality for the average user: Many people often tend to use the same passwords for multiple logins such as email, social media and banking transactions.
Hackers can choose to create an automated attack which will automatically input the same username and password combination into multiple websites and return with results offering insights into where they worked and where they didn't.
It can be used to take over user accounts without any difficulty.
Exposed Database has a Search Feature
Further, in a blog post detailing his findings, Casal confirmed that hackers can make use of the database to quickly gain access to accounts.
They are not only using it as a dark web storage repository but also as a constantly improving database with new credentials being added from time to time. Eventually, they can organize them based on region, gender and other factors to make attacks easier.
In the search results, when the security expert typed the username admin or administrator, the system immediately returned with 226,631 results confirming that many web panels, logins and organizations are at risk.
In the past, the largest repository was found in the Exploit.in combo list, which had 797 million records and included data from 133 breaches that took place elsewhere.
This was discovered by security researchers back in May of this year.
The newest data breach has already surpassed a billion users and it looks like the hackers are trying to put together the stolen credentials to further cultivate an available database on the dark web, making it easier for them to search what they need to do within seconds to exploit the careless behavior of users.
Despite all the warnings security experts have released in the past, people still use simple passwords like "password,""123456" and "abcdef" which makes the job even easier for the hackers.
They can choose to immediately make use of the usernames and passwords available to them to gain access to a server to download data, bank accounts and other private information to use against unsuspecting victims.
Cybersecurity experts acknowledge that remembering multiple passwords is very difficult for the average user, which is why they end using the same one for all their accounts.
The only way to overcome this practical problem is by making use of technology such as biometric fingerprint sensors and other personally identifiable methods rather than forcing users to use complex passwords every time they create an account.
It's also worth adding that when hackers have access to over a billion credentials in the dark web, government officials and organizations should take steps to safeguard themselves against an attack.
They are advised to disregard outdated methods of cybersecurity best practices-like changing passwords every 90 days-but rather implement more powerful security measures in place, therefore not relying on the simple passwords created by employees.
The current IT process is very weak compared to the threat outside, and it is high time they start upgrading their security measures to avoid huge data breaches.
Disclaimer:
You need to enable JavaScript to vote
