The largest combo of stolen credentials to date, containing more than 3.2 billion user login combinations, was posted on a cybercrime forum last week. The mother of all data leaks, dubbed “Compilation of Many Breaches” (COMB) by its uploader, includes unique email and password combinations from more than 250 previous data breaches, such as Netflix, LinkedIn and Exploit.in.
According to cybersecurity researchers, the database is being traded in the underground community for a mere $2.
“On February 2, 2020, user Singularity0x01 created a thread on the popular English-language cybercriminal forum RaidForums titled ‘Compilation of Many Breaches (COMB) 3.8Billion (Public),” Digital Shadows researcher Ivan Righi said. “In order to view the download link for the password-protected .ZIP file containing the data, forum users were asked to spend 8RaidForums credits (about $2).”
Data leak impact
Although the leaked information spans nearly five years, users who failed to reset account passwords following a security incident are in for a shock. Remember, the information may be stale or old, but user data has no expiration date. Cybercriminals recycle information found in old data breaches. They know most people use the same password for multiple accounts.
The data could be used in credential-stuffing attacks, as threat actors attempt to take over user accounts to steal financial and personally identifiable information.
How to protect your accounts
As a rule of thumb, never use the same password, or a similar one, when creating an account. If you were made aware of a breach, act fast and reset your password immediately. Chose unique, strong passwords and look up a trustworthy password manager application to help you keep tabs on all login information. If the platform allows two-factor or multi-factor authentication, considering enabling them for extra security.
It’s also a good idea to install a security solution on your devices. Since data breaches happen daily, it may be difficult to keep informed on what information was exposed.
You can find out more about how to mitigate a data breach and regain control of your personal information with Bitdefender’s Digital Identity Protection.