19 Billion Compromised Passwords: Everything You Need to Know

Users on the Web have come across 19 billion compromised passwords. Here’s everything you need to know.

Nowadays, the Web is rarely a safe place. In fact, users are even wondering whether AI will enhance hacking operations for malicious parties: this is how far we’ve come.

Regardless, data breaches have always been there. They have always been a part of our daily life: at the same time, not all data breaches are as significant as the credential stuffing goldmine that has exposed 19 billion compromised passwords.

What Are the 19 Billion Compromised Passwords About?

The list of 19 billion compromised passwords isn’t from a single data breach. Rather, it’s a set of hundreds or perhaps even thousands of data breaches. Some sources say that the list of 19 billion compromised passwords is a list of data breaches, combo lists, and stealer logs that have happened in the span of 2 years, while some note that the data breaches in the list may date back as far as 2012 with the LinkedIn data breach.

According to sources on the web, the list of 19 billion compromised passwords spans all kinds of data: email addresses, usernames, as well as passwords in a hashed and plain text form.

What’s in it For Attackers?

For attackers, the benefits are quite obvious: malicious parties are likely to use the list of 19 billion compromised passwords to gather information on specific targets and to mount credential stuffing attacks.

According to Cybernews and other sources on the Web, only 6% of the passwords in this data set were unique, showing that despite the attempts of cybersecurity researchers to close the gap of password security, the problem persists.

So, we can say that the list of 19 billion compromised passwords is a goldmine for attackers because since they now possess all kinds of email addresses and passwords together with plain text passwords, they can peruse tools like Sentry MBA or similar tooling in order to attack login forms and overtake accounts that have reused passwords.

That’s especially concerning given that sources on the Web note that 4% (more than 727 million) of the passwords in the list of 19 billion compromised passwords are “1234” followed by “password” (56 million) and “admin” (53 million.)

Perhaps some of the more rare occurrences in regards to passwords are passwords containing animal names: passwords containing the names of animals like “Lion”, “Fox”, “Wolf”, “Bear”, “Bull”, “Monkey”, and others are associated with almost 20 million users.

The data set features passwords up to 10 characters in length, with passwords bearing 8 characters being the most common choice for the majority of users.

Actions to Take

Since there is conflicting information from sources on the Web (some state that the list of 19 billion compromised passwords may include both hashed and plain text passwords from data breaches dating back to data breaches that have occurred on or around 2012 while others say that the list is comprised of more recent data), there are some conclusions that can be made regardless:

• Use unique passwords for each and every of your online accounts. This can be accomplished by using known password managers like Bitwarden, 1Password, or LastPass.
• Turn on 2 factor authentication (2FA) for your accounts wherever possible. 2 factor authentication is a very good security measure against the attack vectors stemming from compromised lists like the 19 billion compromised passwords because even if your username or email address and the password match to access a specific service, access won’t be granted unless you explicitly approve it.
• Make use of data breach search engines. Data breach search engines like BreachDirectory.com and the BreachDirectory API are an excellent way to determine whether you are exposed to threats stemming from lists involving 19 billion compromised passwords and others. Data breach search engines like BreachDirectory will allow you to search through multiple data classes (usernames, email addresses, IP addresses, Pastebin or even police data) to determine whether the data you possess is in the hands of hackers and advise you on what to do next. BreachDirectory will also let you perform a lot of additional actions together with your search allowing you to search whether a Blockchain address is related to money laundering, obtaining more information on a specific IP address and the like allowing you to run OSINT investigations using threat intelligence.

• Organizations storing passwords should ensure they’re stored adequately. Organizations storing password data should ensure that passwords are stored in a Blowfish, BCrypt, or similar format essentially slowing down or halting cracking attempts.
• Security controls should be reviewed frequently. Implemented security controls like firewalls and the like should be reviewed frequently to ensure their effectiveness.
• Verify data and ensure it comes from reliable sources. That goes for everything: both information related to work and threads like the one you’re reading right now.

Overall, keep in mind that the list of compromised data like the 19 billion compromised passwords are likely to cause some harm, but at the same time, don’t panic: use strategies mentioned above, make use of data breach search engines like BreachDirectory and their API appliances like the BreachDirectory API to evaluate your posture, and don’t forget to use unique passwords together with 2FA for every service you use.

Conclusion

According to sources on the web, the list of 19 billion compromised passwords is either related to data breaches that have happened within the last 2 years. The list of 19 billion compromised passwords is very likely to be used for credential stuffing and to protect against such attacks, make good use of data breach search engines like BreachDirectory.com and the BreachDirectory API searching for your data, use unique passwords, update them frequently if necessary, and enable two-factor authentication (2FA) wherever possible.

FAQ

What is the List of 19 Billion Compromised Passwords About?

The list of 19 billion compromised passwords has to do with data breaches that are alleged to have happened in the span of two-three years. The 19 billion compromised passwords include email addresses, usernames, as well as hashed and plain text passwords.

What are 19 Billion Compromised Passwords Used For?

This compromised list of credentials is used for credential stuffing. To protect yourself and your loved ones from such attacks, use data breach search engines like BreachDirectory.com and the BreachDirectory API searching for your data, use unique passwords, update them frequently if necessary, and enable two-factor authentication (2FA) wherever possible.

Why Should I Use BreachDirectory?

Consider using data breach search engines like BreachDirectory.com and the BreachDirectory API to perform threat intelligence on specific tasks to reach OSINT goals. Tasks might include determining whether a specific Blockchain address is related to money laundering, evaluating whether your data was stolen and if yes, what data was stolen, or even searching through data related to police.