
2.2 billion credentials dumped onto the dark web

Following January 2019’s record-breaking Collection #1, which leaked 770m credentials onto the dark web, Collections #2-5 have now been dumped into the public domain.

Less than a month into 2019, cyber criminals have signalled that they are prepared for a higher form of digital warfare. Not content with releasing an unprecedented 87 gigabytes of user data earlier in January, the new data dump is an enormous 845 gigabytes – almost ten times bigger.

And with over 2 billion usernames, email addresses, and passwords now in the public domain, it is highly likely that your information is in the hands of potential hackers.

Cyber-crime as a service

A recent article uncovered the extent of cyber-crime as a service on the dark web. Services found include:

Ransomware as a service – Ransomware packages are readily available for those willing to pay a subscription. Ranging from £90 to £1,450, anyone can acquire the means to conduct a ransomware attack.

Remote access to servers – Plenty of services on the dark web offer remote access to computer servers for a fee. Once a cyber-criminal has bought access to a server, they are able to execute a ransomware attack or install discreet spyware to harvest financial information to be used for blackmail.

Renting of botnets – Some seasoned criminals rent out their network of compromised computers. Combining their computing power, an individual can perform a mass-spam campaign or a distributed denial of service (DDoS) attack, which overloads a business’s server with traffic, taking it offline for an indefinite amount of time.

The sale of PayPal or credit card accounts – Cyber criminals who run successful phishing attacks do not usually take the risk of using the stolen accounts themselves. Instead, they sell the information on the dark web – often for a percentage of the account balance. The bigger the PayPal or bank account, the larger the sale fee.


So how does your information make it to the dark web?

Very easily – your data footprint is scattered throughout the internet. If you use the same password across multiple websites and services, then it’s very probable that your information is in the hands of criminals.

‘Credential stuffing’, the large-scale automation of login requests across popular online services, allows criminals to brute force their way into other services, using a single compromised credential.

Whether it’s simply a weak password cracked by an individual, or a service you’re signed up to suffering a cyber-attack, it only takes one leak for your information to make it onto the dark web.

“The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because it’s subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”

– Troy Hunt, Have I Been Pwned
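How the credential stuffing pattern described above can be spotted from the defending side, as an added example that is not part of the original article: one source trying many different accounts with mostly failed logins. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own login traffic.
WINDOW = timedelta(minutes=5)   # look-back window per source IP
MIN_ACCOUNTS = 20               # distinct usernames tried within the window
MIN_FAIL_RATIO = 0.9            # stuffing runs fail most of the time

# Constructed log lines: timestamp, source IP, username, outcome.
SAMPLE_LOG = [
    f"2019-01-30T09:00:{i:02d} 203.0.113.7 user{i}@example.com "
    + ("OK" if i == 17 else "FAIL")
    for i in range(30)                      # one source, 30 different accounts
] + [
    "2019-01-30T09:01:05 198.51.100.20 bob@example.com FAIL",   # a user mistyping
    "2019-01-30T09:01:40 198.51.100.20 bob@example.com FAIL",
    "2019-01-30T09:02:10 198.51.100.20 bob@example.com OK",
    "2019-01-30T09:03:00 192.0.2.44 carol@example.com OK",
]

def parse(line):
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user.lower(), outcome == "OK"

def detect_stuffing(lines):
    """Map each flagged source IP to the accounts it logged in to successfully."""
    recent = defaultdict(deque)   # ip -> (time, user, ok) events inside WINDOW
    logged_in = defaultdict(set)  # ip -> accounts with a successful login
    flagged = set()
    for ts, ip, user, ok in sorted(map(parse, lines)):
        events = recent[ip]
        events.append((ts, user, ok))
        while ts - events[0][0] > WINDOW:
            events.popleft()
        if ok:
            logged_in[ip].add(user)
        accounts = {u for _, u, _ in events}
        failures = sum(1 for _, _, o in events if not o)
        # Many different accounts and few successes: not a user mistyping.
        if len(accounts) >= MIN_ACCOUNTS and failures / len(events) >= MIN_FAIL_RATIO:
            flagged.add(ip)
    # Successful logins from a flagged source are the accounts to reset first.
    return {ip: sorted(logged_in[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(ip, "flagged; reset:", accounts)
```

The repeated failures against a single account from 198.51.100.20 are deliberately not flagged: the distinguishing signal is the number of different accounts tried, not the number of failures.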

Journey to the centre of the dark web


A cyber attacker researches their target before an attack, searching for potential weak links in your business security. These weaknesses often take the form of a network vulnerability or a lack of employee cyber security awareness.


Once the attacker has established a clear entry point – it could be a phishing attack, bypassing of poor network security, or even an inside job by an employee – they exploit the weakness with a cyber-attack.


Following a successful breach, the cyber-criminal has access to your business’ internal network. They can then tunnel into your company’s critical and confidential data. This data can then be downloaded and disseminated all over the internet.

Dark Web

Business data is no longer secure and is now considered to be compromised. Here it makes its final journey to the dark web’s black market, and is eventually delivered into the hands of an individual who has a financial investment in doing harm to your business.

Have you been affected?

Firstly – with significant data breaches like this, always assume that you have been compromised and take steps to protect your business.

Make use of free online resources, including Have I Been Pwned (HIBP) and the Hasso Plattner Institute’s Info Leak Checker, which consult databases containing information relating to internet breaches. By entering your email address, it is possible to confirm whether your credentials have been leaked. For security purposes, no additional information is given.

A dark web monitoring service can proactively trawl the dark web for any activity related to your business’ domain. This offers a key advantage over services like HIBP – dark web monitoring searches for compromises of your entire business domain, rather than just a single individual’s credentials. A dedicated dark web monitoring partner can also inform you immediately of any compromises, allowing your business to act swiftly.

Next steps

If you do not use a unique password for each website or service, now is the time to start doing so. If you are concerned about remembering so many passwords, consider using a password manager such as 1Password. This is far more secure than using a single password across multiple services.

Review your password strength – do your passwords contain random alphanumeric, mixed case, and special characters? If not, it is highly recommended that you review your existing passwords.

Our free-to-use password tools estimate how long it would take for your passwords to be cracked and offer a random password generator.

Consider multi-factor authentication – single-factor, no matter how secure, is no longer enough. By using multi-factor authentication, you can use your mobile phone or an authenticator tool, meaning that any login attempts must be approved directly by yourself.
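A crack-time estimate and random generator of the kind mentioned in the password review step above, as an added example (not the tools the article refers to). It shows why a password that is already in a dump scores zero however complex it looks; the breached set and the guessing rate are constructed assumptions.

```python
import secrets
import string

# Constructed stand-in for a breach corpus such as the Collection dumps.
BREACHED = {"password1", "Summer2019!", "qwerty123"}
GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate; adjust to your threat model

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password):
    """Size of the character pool an exhaustive search would have to cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes count once each (conservative).
    return size + len(set(password) - set("".join(CLASSES)))

def seconds_to_crack(password, breached=BREACHED):
    """Average exhaustive-search time, or 0 if the password is already leaked."""
    if password in breached:
        return 0.0   # a leaked password is replayed, not guessed
    return pool_size(password) ** len(password) / 2 / GUESSES_PER_SECOND

def generate_password(length=16):
    """Random password containing all four classes, drawn from the OS CSPRNG."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if pool_size(candidate) == len(alphabet):
            return candidate

if __name__ == "__main__":
    for pw in ("Summer2019!", "abc", generate_password()):
        print(f"{pw!r}: about {seconds_to_crack(pw):.3g} seconds")
```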

Using all these methods is a simple, straightforward way to secure your business. To discuss dark web monitoring, or for a wider conversation about your existing IT security solutions, give us a call on 01283 753333 or say
