Tuesday, 19 December 2017

1.4 Billion Plain Text Passwords leaked

1.4 Billion Plain Text Passwords leaked


A new collective database 41  GB Massive data of 1.4 billion usernames ,email and password combinations -properly sorted and arranged into three level directories.
The links to download are floating in the dark web sites from few days back ,it came into light little that to some one posted on Reddit few days ago from where also one can download a copy and can verify its authenticity.


The last updated data in the data base is in end of November ,as per researches it has been a collection of 252 previous data breaches and credential lists.

The scariest part is none of the passwords is true and as per researchers testing the passwords verified to be true.

This collection consists of 385 million new credential pairs .318 million new users and 147 million passwords collected from previous dumps.


Windows 10 Default Password Manager allows hackers steal passwords


Default Windows 10 Password Manager allows hackers steal passwords  



Running Windows 10, then chances for your machine to contain a Pre-installed software that allows hackers to steal your credentials remotely.


A new feature Content Delivery Manager installs "suggested apps" without user's permission.

Google Project Zero researcher Tavis Ormandy said that he found a pre-installed famous password manager, called "Keeper," on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network.

The vulnerability affects the Keeper browser extensions, which, unless users opt out, are installed alongside the Keeper desktop application. The security hole allows attackers to steal passwords stored by the app if they can convince an authenticated user to access a specially crafted website.


Keeper released a patch within 24 hours of being notified by Ormandy. The fix has been rolled out with version 11.4.4 and it has already been delivered to Edge, Chrome and Firefox users via the browsers’ automatic extension update process. Safari users will need to manually update the extension.


“This potential vulnerability requires a Keeper user to be lured to a malicious website while logged into the browser extension, and then fakes user input by using a clickjacking and/or malicious code injection technique to execute privileged code within the browser extension,”
 Keeper said in a blog post informing customers of the vulnerability and the patch.