Background

3.2 Billion Unique Emails and Passwords Are Leaking And Up For Sale

05/02/2021

Hackers can work solo or in groups. But whatever their methods, and whoever they work with, black hat hackers are bad to the bone.

When they infiltrate a target, which can be an organization or a company, hackers may exploit it to look for more vulnerabilities and steal sensitive data.

That sensitive data can include names, home addresses, personal email addresses and so forth. But none may be as expensive as cleartext username and password combinations.

And this time, more than 3.2 billion unique pairs of emails and passwords are for sale on an online hacking forum.

As first reported by CyberNews, this data leak is being referred to as the “Compilation of Many Breaches” or COMB.

Someone sells the COMB database on a hacking forum. (Credit: CyberNews)

COMB usually contains more than double the amount of sensitive data, simply because the database includes data gathered from various hackers and leaks.

The leaked database contains three scripts: count_total.sh, query.sh, and sorter.sh.

After running the first script, CyberNews found that the COMB contains more than 3.27 billion email and password pairs.

Rather than a new data breach, COMB appears to be the largest compilation of multiple breaches ever posted online to date, far eclipsing 2017's Breach Compilation, which leaked 1.4 billion credentials.

The data is even organized in a tree-like structure.

The second script can be used for querying the emails and passwords, and the third script for sorting the data.

This makes COMB an “interactive database” that gives people (buyers) “fast (one second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.”

"This does not appear to be a new breach, but rather the largest compilation of multiple breaches. Much like 2017’s Breach Compilation, COMB’s data is organized by alphabetical order in a tree-like structure, and it contains the same scripts for querying emails and passwords."
The leaked database, along with its tree-like structure, as well as a sample of the username/password pairs. (Credit: CyberNews)

Realizing the massive scope of this leak, the news outlet is adding the leaked credentials to its Personal Data Leak Checker so users can find out whether their emails or passwords have been exposed online.

At this time, it's still unclear who compiled this massive COMB. What CyberNews knows is that the leak originates from domains all over the world, "aggregating past leaks from Netflix, LinkedIn, Exploit.in, Bitcoin and more."

The impact of this leak is massive.

This is because the majority of people reuse their passwords and usernames across multiple accounts and domains.

"If users use the same passwords for their LinkedIn or Netflix as they do their Gmail accounts, attackers can pivot to other more important accounts," CyberNews wrote. "Beyond that, users whose data has been included in Compilation of Many Breaches may become victims of spear-phishing attacks, or they may receive high levels of spam emails."

Everyone is advised to change their passwords on a regular basis, and to use strong and unique passwords for every account, every time.