More than three billion emails and passwords were just leaked online

[Karlston]

More than three billion emails and passwords were just leaked online

Compilation of Many Breaches contains credentials and data from past leaks

 

(Image credit: Shutterstock)

 

Normally when a data breach occurs, the cybercriminals responsible may leak the usernames and passwords stolen from one organization or company. However, a new compilation recently posted on an online hacking forum contains more than 3.2bn unique pairs of cleartext emails and passwords gathered from past leaks.

 

As reported by CyberNews, this new data leak is being referred to as the “Compilation of Many Breaches” (COMB) as it contains more than double the amount of unique email and password pairs than the Breach Compilation from 2017 in which 1.4bn credentials were made available online.

 

Additionally, just like with 2017's Breach Compilation, COMB's leaked database contains a script named count_total.sh. However, this latest leak also includes the scripts query.sh for querying emails and sorter.sh for sorting the data it contains. 

 

After running the count_total.sh script, CyberNews found that COMB contains more than 3.27bn email and password pairs. For this reason, the news outlet is currently adding the credentials from the leak to its Personal Data Leak Checker so that users can find out whether their emails or passwords were exposed online.

COMB

Instead of being a new data breach, COMB appears to be the largest compilation of multiple breaches ever posted online. This new data leak shares many similarities to 2017's Breach Compilation including the fact that its data is organized in a tree-like structure and that the same scripts are used for querying emails and passwords.

 

At this time, it is still unclear as to which previously leaked databases have been included in COMB. However, samples seen by CyberNews show that the emails and passwords contained in the leak originate from domains all over the world.

 

As a large number of users reuse their passwords and usernames across multiple online accounts, the impact to consumers and businesses as a result of COMB may be unprecedented as this data can be used to launch credential stuffing and other cyberattacks. Another problem is the fact that cybercriminals can use the credentials from a user's social media accounts to pivot to other more important accounts such as their email or even their cloud storage.

 

To prevent falling victim to any future accounts carried out using the data contained in COMB, CyberNews recommends that users set up multi-factor authentication and use a password manager to further protect their online accounts.

 

We'll likely hear more from the news outlet once all of the data in COMB has been analyzed to determine which leaks the 3.2bn+ emails and passwords originally came from.

 

Via CyberNews

 

 

More than three billion emails and passwords were just leaked online

[funkyy]

Once again when you click to visit the page with this tool/checker you are met by a long repetitive page of

spiel describing how important it is to be careful etc etc. They ramble on while as you scroll you see many adverts "recommending"

security products and giving advice. Finally got to the page where you have to put your email in the search box to check

if yours was one of the billions leaked....and nothing happens. There's no indication that a search is being done, no progress

indicator of any kind. Oh, but you get a message asking for permission to pass your email on to other companies.

This is like one of those stories that used to appear saying there was a cure for poor eyesight that was a natural method

that you could practice at home and required no medicine costs etc. That went on and on and on and was just a build up 

to a hard sell.

If they have a damn checking tool they should put it upfront without all the "rope a dope" tactics!!

[Karlston]

14 minutes ago, funkyy said:

If they have a damn checking tool they should put it upfront without all the "rope a dope" tactics!!

 

I agree 100%.

 

Have removed all the TechRadar links in the article. Thanks for the heads-up, appreciated.

[aum]

@Karlston: "Have removed all the TechRadar links in the article. Thanks for the heads-up, appreciated."

 

You are a kind soul!  
 

[

Most roads have potholes.   Internet is full of them.   Avoid them gracefully.   What use is blaming the map maker; (S)he doesn't travel all the roads (s)he maps on her maps?  😉

]

 

(A story (for contemplation):

 

Once upon a time, on a Monday, a man was walking down a road.  All of a sudden, out of nowhere, he found himself at the bottom of a big, dark place.  It was scary!  After several hours, he figured out that he had fallen into a very large pothole.  He wasn’t able to get out on his own–actually it required a lot of help to get out, but eventually he did get out.  It was awful.

 

The very next day–Tuesday, the man was walking down the road and fell into the pothole again.  This time he immediately recognized where he was, but he still couldn’t get out.  He needed help again.

 

Wednesday, when the man fell in the pothole for the 3rd time, he remembered how to get out, and–with much hard work–was able to get out on his own.  Whew!

 

On Thursday, the man was walking down the street again.  As he approached the pothole, he remembered his previous falls.  He even saw the pothole when he got close… but unfortunately he fell in anyway.  But he knew the way out pretty well this time, and got out quickly.

 

On Friday, the man saw the pothole from a good distance away.  He felt so proud of himself for spotting it, and while it took a lot of effort, he did manage to walk around it safely, and didn’t fall in for the first time in a long time!  Hurrah!

 

On Saturday, the man took a different road.)

 

[aum]

1 hour ago, Karlston said:

Have removed all the TechRadar links in the article. Thanks for the heads-up, appreciated.

Just out of curiosity (i know it may kill the cat) went to TechRadar link to check my email and received the following message:

 

"We haven’t found your email among the leaked ones.

Still, your personal data could be leaked, we just don’t know about it yet."

 

Is that what you get @funkyy ?

[funkyy]

1 hour ago, aum said:

Just out of curiosity (i know it may kill the cat) went to TechRadar link to check my email and received the following message:

 

"We haven’t found your email among the leaked ones.

Still, your personal data could be leaked, we just don’t know about it yet."

 

Is that what you get @funkyy ?

aum, no...I got to the part where you have to put your email address and click to see if it had been leaked...and nothing happened.

But there were plenty of offers and adverts, and as I mentioned, they wanted permission to pass my email address on to others.

They seem to be fishing for business more than anything else.

[DKT27]

Concerning.

 

However, hopefully those passwords were not this one.

 

As for which site to trust. I think this site is trustable enough. They have a search password section too which many do not notice. However, searching for passwords is an unsafe task as one needs to provide them their password so for that I am not sure about that part there.

[aum]

9 hours ago, funkyy said:

I got to the part where you have to put your email address and click to see if it had been leaked...and nothing happened.

@funkyyThat's where I entered my email address and got the message: 

 

"We haven’t found your email among the leaked ones.

Still, your personal data could be leaked, we just don’t know about it yet."

 

Worked straightforward for me, it seems.  Oh, the Internet and its tools:  many combinations and effects...?

 

[funkyy]

5 hours ago, DKT27 said:

Concerning.

 

However, hopefully those passwords were not this one.

 

As for which site to trust. I think this site is trustable enough. They have a search password section too which many do not notice. However, searching for passwords is an unsafe task as one needs to provide them their password so for that I am not sure about that part there.

I agree DKT27, it defeats the whole purpose of having a password. You don't reveal your password(s) to anyone...ever!!

As far as their tool is concerned, it may be genuine but they hide it under a lot of paragraphs and adverts and don't make it easy

to go straight to it...they obviously want you to see/read as much of the other stuff as they can get you to do.