The company's founder and chief technology officer Julio Casal said in a blog post that the 41Gb file had been found on 5 December in an underground community forum.
"While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials – the largest aggregate database found in the dark web to date," Casal wrote.
It appeared to have been last updated on 29 November, and the total pairs of usernames/passwords — all in clear text — was 1,400,553,869.
"We compared the data with the combination of two larger clear text exposures, aggregating the data from Exploit.in and Anti Public," he wrote. "This new breach adds 385 million new credential pairs, 318 million unique users, and 147 million passwords pertaining to those previous dumps."
The data had been set up in an alphabetic directory broken up into 1981 pieces to make it possible to conduct fast searches. Additionally, there were search tools and insert scripts which were explained in a README file.
"This database makes finding passwords faster and easier than ever before. As an example searching for 'admin', 'administrator' and 'root' returned 226,631 passwords of admin users in a few seconds," Casal wrote.
The list of the top 40 passwords and volume found:
Graphic: courtesy 4iQ