Half-Billion Compromised Credentials Lurking on Open Cloud Server
2021-12-21 20:08

The credentials were a mixed bag in terms of sources, and it's not clear how these passwords became compromised.

He added, "A compromised password goes well beyond the initial compromise as it facilitates password spraying, and with the help of AI-based analytical tools, the bad actors can start to identify patterns of how a person creates passwords. This is possible as the userID in question is an email address for the majority of the cases."

"More significantly, if we take the prevalence counts into consideration, that's 5,579,399,834 occurrences of a compromised password represented in this corpus."

The size of the database will continue to grow: The FBI and the NCA are now pipelining compromised passwords into HIBP directly, Hunt noted.

"The premise is simple: during the course of their investigations, they come across a lot of compromised passwords and if they were able to continuously feed those into HIBP, all the other services out there using Pwned Passwords would be able to better protect their customers from account takeover attacks," he said.

"The 5.5 billion known compromised email addresses and passwords on the internet is quickly catching up with the world population of 7.8 billion people. Therefore, chances are extremely high at least one set of your credentials are toast. Working from the premise that the Internet is becoming more hostile and difficult to navigate on a daily basis, it sometimes reminds me of the warning light on the dashboard of your car that's been on for so long you literally no longer see it."


News URL

https://threatpost.com/half-billion-compromised-credentials-cloud-server/177202/