Normally when a data breach occurs, the cybercriminals responsible may leak the usernames and passwords stolen from one organization or company. However, a new compilation recently posted on an online hacking forum contains more than 3.2bn unique pairs of cleartext emails and passwords gathered from past leaks.
As reported by CyberNews, this new data leak is being referred to as the “Compilation of Many Breaches” (COMB) as it contains more than double the amount of unique email and password pairs than the Breach Compilation from 2017 in which 1.4bn credentials were made available online.
Additionally, just like with 2017’s Breach Compilation, COMB’s leaked database contains a script named count_total.sh. However, this latest leak also includes the scripts query.sh for querying emails and sorter.sh for sorting the data it contains.
- TikTok removed nearly 90 million videos globally in the second half of 2020In total, from July 1 to December 31 last year, the company said … Read More
- Mastercard, MTN partner To enable payments on global platforms with Mobile MoneyMastercard and MTN announced a strategic partnership to enable millions of consumers in 16 countries across … Read More
- Using lessons learnt in 2020 to combat the security threats in 20212020 saw a boom in cyberattacks with cybercriminals taking advantage of the coronavirus … Read More
- Cybercrime and the pandemic – Read Now!A new report from BlackBerry shows that as our digital habits have changed over the … Read More
- Here is why enterprise security isn’t just an IT problemThey say a chain is only as strong as its weakest link; when … Read More
After running the count_total.sh script, CyberNews found that COMB contains more than 3.27bn email and password pairs. For this reason, the news outlet is currently adding the credentials from the leak to its Personal Data Leak Checker so that users can find out whether their emails or passwords were exposed online.
Instead of being a new data breach, COMB appears to be the largest compilation of multiple breaches ever posted online. This new data leak shares many similarities to 2017’s Breach Compilation including the fact that its data is organized in a tree-like structure and that the same scripts are used for querying emails and passwords.
At this time, it is still unclear as to which previously leaked databases have been included in COMB. However, samples seen by CyberNews show that the emails and passwords contained in the leak originate from domains all over the world.
As a large number of users reuse their passwords and usernames across multiple online accounts, the impact to consumers and businesses as a result of COMB may be unprecedented as this data can be used to launch credential stuffing and other cyberattacks. Another problem is the fact that cybercriminals can use the credentials from a user’s social media accounts to pivot to other more important accounts such as their email or even their cloud storage.