Youporn Hacked Data Among Dark Web Database Sparking 'Cyber Crime Epidemic'

dark web youporn hacked database
Security researchers called the 41GB database of passwords a “treasure trove” for cyber criminals. REUTERS/Kacper Pempel

A database of 1.4 billion user passwords has been discovered on the dark web, paving the way for what security experts expect to be a "cyber crime epidemic."

The data—compiled from 252 data breaches from websites including LinkedIn, MySpace, Netflix and YouPorn—allows easy access to potentially the largest ever list of information about users.

Dark web monitor Julio Casal described the database in a blog post as easy-to-access and interactive, meaning "even unsophisticated and newbie hackers" can exploit it.

"None of the passwords are encrypted, and what's scary is [that] we've tested a subset of these passwords and most of [them] have been verified to be true," Casal wrote in the blog.

dark web drug markets offline
The accessibility of the data published on the dark web means “even unsophisticated and newbie hackers” can take advantage of it. REUTERS/Tim Shaffer

Security researchers have called the 41GB database a "treasure trove" for cyber criminals, especially considering how easy it is to search the data.

By searching for usernames or email addresses across different breached websites, criminals could search for password patterns that could be used to access other accounts.

"With so many online accounts owned by each of us, it may be quite hard to determine what accounts we have (and have forgotten about) and which ones contain data," Mark James, a security specialist at ESET, said in an emailed statement to Newsweek.

"With each breach that happens, the data that's stolen may show patterns and trends in our password practices—if we are forced to change passwords regularly, it may show our thought processes that could enable an attacker to utilize that data for later attacks."

Read more: Bank robber hackers steal millions of dollars in silent heists across U.S. and Russia

Other security experts say the database should also serve as a wakeup call to companies when it comes to their security and protection of customer data.

In an emailed comment, Director of NuData Security Lisa Baergen called it a "crystal clear warning" to organisations to treat cybersecurity as a top priority and not rely so heavily on password-based security checks.

"When companies authenticate their customers with more than just static data, they are not exposed to the risks that databases such as this one pose," Baergen said.

"Passive biometrics monitors behaviour such as how the users hold the device, what fingers they use, and how fast they type, that can't be replicated by a bad actor… With a stronger multi-layered authentication solution [companies] can easily prevent account takeover attempts that use PII [personally identifiable information] from the dark web."

Andrew Clarke, a director at One Identity, added: "Businesses need to realize that the age of the password is past, and here is an example of why this is the case. We have seen many companies allowing weak passwords like '123456' to be set by their users.

"But also, users reusing their passwords for personal and business services. Both result in easy pickings for the criminals."