An online hacking forum is playing host to a compilation of more than 3.2 billion emails and passwords gathered from previous leaks, all accumulated in one place. The so called “Compilation of Many Breaches or COMB” contains usernames, emails, and passwords from services such as Netflix, LinkedIn, Bitcoin and more. The data is archived and stored in a password-protected container.
This is similar to the 2017 leak that put more than 1.4 billion credentials online in plain text. This was a compilation of more than 252 previous known breaches all aggregated online. The affected services included LinkedIn, Minecraft, Netflix, Badoo, Bitcoin and Pastebin among others. This too was an organised collection of data, able to be quickly sifted through using searches and listings.
Click Image below to check if your email address has been compromised!
COMB is the largest known compilation of multiple breaches ever posted online. This new data leak shares many similarities to 2017's Breach Compilation including the fact that its data is organized in a tree-like structure and that the same scripts are used for querying emails and passwords.
As a large number of users reuse their passwords and usernames across multiple online accounts, the impact to consumers and businesses as a result of COMB may be unprecedented as this data can be used to launch credential stuffing and other cyberattacks. Another problem is the fact that cybercriminals can use the credentials from a user's social media accounts to pivot to other more important accounts such as their email or even their cloud storage.
To prevent falling victim to any future attacks carried out using the data contained in COMB, or any other data leak. We recommend that users set up multi-factor authentication and use a password manager to further protect their online accounts.
Solution: Speak to GB3s DPO
Contact Us: Here to help