And the Survey Says:

Julio Casal
@4iQ
Mar 7, 2018

Nearly 80% of passwords are authentic in the 1.4 billion trove.

A Community effort to help understand the level of exposure after the 1.4B Clear Text Credentials Trove

On December 8, 2017, 4iQ reported on the discovery of an archived file with a 41GB database of 1.4 billion clear text credentials. The discovery sparked concern from internet users across the United States and around the world, who came to us to question the security of their data and the passwords they use every day.

Due to the high demand for answers, 4iQ offered a free service to let users know which of their passwords had been exposed. As of February 15, 2018, more than 40,000 had taken advantage of this service, and we turned this into an opportunity to find out more about the usernames and passwords that were compromised.

When responding to verification requests, we surveyed individuals about the accuracy, dates of use and password creation as well as the habits of those with compromised credentials. We manually reviewed 600 survey responses to gain insights not only on real password habits, but also data freshness and authenticity.

One consumer perfectly summed up the password reuse problem that consumers face today, commenting on an exposed password:

“I used that password for Amazon, Atlassian, Bitbucket, Dropbox, Evernote, StackOverflow, and Facebook.”

We found that many users echoed this sentiment: one username and password pair for several websites and online services.

In addition to this anecdotal response, here are some of the numbers:

What it comes down to is that we have all been giving and hearing password advice for years. Here are just a few examples:

  • Don’t use a common password like “123456,” or “password.”
  • Don’t use common dictionary words or personal information (like your child or pet’s name) as the basis of your password.
  • Don’t reuse the same password in different accounts.
  • Reset your password whenever you notice suspicious activity, or when you hear about a potential breach of a website or online service.

But does password strength mean anything during this era where data breaches happen every day? What else should we be doing to protect our online accounts and identity?

This trove presents significant data to support the need for consumers to take preventative action to protect their usernames and passwords, the keys that unlock the door to an important part of their digital identity.

To learn more, including tips for protecting your account from takeover, download the full report here (you will not need to register for it).
