Over a billion unencrypted user credentials have been leaked onto the dark web by criminals in one of the largest leaks in history.
The database of around 1.4 billion people contains details such as usernames, email addresses and passwords, all in plaintext, meaning they can be read by anyone accessing the file.
The leak was revealed by researchers at security firm 4iQ, who say that rather than being a new breach, the files are a collection of several past breaches combined into one large database that amounts to 41GB of information.
The database is alphabetised and indexed to make it easy to search, and brings together files from around 250 old breaches, including many known breaches such as LinkedIn, Netflix, Last.FM and YouPorn.
Julio Casal, founder of 4iQ, revealed that, “None of the passwords are encrypted, and what’s scary is that we’ve tested a subset of these passwords and most of the have been verified to be true.”
Overall, 4iQ found that 14 per cent of the username and passwords had not previously been available in readily-usable decrypted form. Worryingly, analysis of the database by 4iQ found that weak passwords continue to be widely used by users around the world, with 123456 found to be the most common password in the collection, followed by 123456789, qwerty, password and 111111.
The identity of the database's author is still unknown, but whoever is behind the collection left Bitcoin and Dogecoin wallet addresses and details for anyone minded to make a donation to their efforts.