More than three billion emails and passwords were just leaked online
Compilation of Many Breaches contains credentials and data from past leaks
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Normally when adata breachoccurs, the cybercriminals responsible may leak the usernames and passwords stolen from one organization or company. However, a new compilation recently posted on an online hacking forum contains more than 3.2bn unique pairs of cleartext emails and passwords gathered from past leaks.
As reported byCyberNews, this new data leak is being referred to as the “Compilation of Many Breaches” (COMB) as it contains more than double the amount of unique email and password pairs than theBreach Compilationfrom 2017 in which 1.4bn credentials were made available online.
Additionally, just like with 2017’s Breach Compilation, COMB’s leaked database contains a script named count_total.sh. However, this latest leak also includes the scripts query.sh for querying emails and sorter.sh for sorting the data it contains.
After running the count_total.sh script, CyberNews found that COMB contains more than 3.27bn email and password pairs. For this reason, the news outlet is currently adding the credentials from the leak to itsPersonal Data Leak Checkerso that users can find out whether their emails or passwords were exposed online.
COMB
Instead of being a new data breach, COMB appears to be the largest compilation of multiple breaches ever posted online. This new data leak shares many similarities to 2017’s Breach Compilation including the fact that its data is organized in a tree-like structure and that the same scripts are used for querying emails and passwords.
At this time, it is still unclear as to which previously leaked databases have been included in COMB. However, samples seen byCyberNewsshow that the emails and passwords contained in the leak originate from domains all over the world.
As a large number of users reuse their passwords and usernames across multiple online accounts, the impact to consumers and businesses as a result of COMB may be unprecedented as this data can be used to launchcredential stuffingand other cyberattacks. Another problem is the fact that cybercriminals can use the credentials from a user’s social media accounts to pivot to other more important accounts such as their email or even theircloud storage.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To prevent falling victim to any future accounts carried out using the data contained in COMB,CyberNewsrecommends that users set upmulti-factor authenticationand use apassword managerto further protect their online accounts.
We’ll likely hear more from the news outlet once all of the data in COMB has been analyzed to determine which leaks the 3.2bn+ emails and passwords originally came from.
ViaCyberNews
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
The Galaxy S25 Ultra’s rumored iPhone-beating power could tempt me back to Android
