3.2 billion leaked emails and passwords? Impressive, but not worrying

A cybercriminal posted a database of over 3.2 billion email / password pairs on the most popular hacker forum. Although impressive in size, this data leak is not dangerous. It only contains old data, which has already been massively exploited.

“COMB” stands for “Compilation of Many Breaches”. This is the dramatic name given by a data seller to a database that contains nearly 3.2 billion email / password pairs, according to our sources. The individual has posted their aggregation work on the most popular data-selling forum, and anyone can access it by spending 8 credits, or the equivalent of $2.

In his message, he does not hide the origin of the data: “The vast majority of the content is publicly accessible.” In other words, he only compiled databases already known to everyone, cybercriminals as well as cybersecurity companies. This work is not without interest, but it is not really dangerous.

The creator of COMB did a great job of compiling, but did not provide any previously unknown leak. // Source: Louise Audry for Numerama

Yet on the evening of February 11, RTL published an article with an alarmist title: “Cybersecurity: Over 3 billion Gmail and Hotmail passwords leaked online.” This title is far too approximate: while the database contains Gmail and Hotmail addresses, it also contains email addresses from other services. Above all, the password associated with an email address is not necessarily the password of the mailbox itself. For example, it could be the email address and password a person uses to connect to LinkedIn (it’s still annoying, but it doesn’t give access to the mailbox).

A “news item” that is slowly gaining momentum in France

To understand these errors, we must go back to the source of the information. The French site quotes an article from the American site BGR, published February 9, which itself mentions a much longer article by Cybernews, published February 2. The latter is therefore the primary source of this media sequence, which gained momentum a week later in France. While part of its analysis is correct, Cybernews mainly takes advantage of the event to highlight its “personal data verifier”, which lets you search a database created by the company to see whether your email address has been leaked.

Problem: this database has not yet received the data from “COMB”, and therefore does not allow the promised verification. If you are worried about your email address or password being leaked, always use the (free) search on Have I Been Pwned, the industry's reference tool.

The Cybernews verification tool. Use Have I Been Pwned instead. // Source: Screenshot of Cybernews.com

What does COMB contain?

The nickname “mother of all leaks”, given by some media, is misleading. COMB only aggregates already known “combo lists”, some of them known for more than 5 years. “Combo lists” are lists of email / password pairs, themselves extracted from more complete data leaks. In other words, COMB is an aggregate of aggregates. According to the first tests carried out by our source, the database does not contain any unknown leak: all its content has already circulated on the forums.

COMB still stands out thanks to some peculiarities:

  • It weighs 87.5 gigabytes, and has over 4000 files in over 130 folders.
  • It lists 3.28 billion unique email / password pairs. 3,278,412,308 precisely, according to our source.
  • It includes a search script, so that even a person without computer skills can perform simple searches in the database. In addition, it is particularly well ordered, which makes it easier to consult.
  • Each line follows the simple format “Email”: “password”. There is no need to crack passwords or clean up the format of lines.

What interest does COMB have for criminals?

Criminals will get this database to try to connect to all kinds of accounts: Facebook, PayPal, Twitter, Gmail, Outlook… Concretely, they will take a line from the list (let’s imagine “[email protected]”: “Password”), then they will try this credential pair on each service, in the hope that it will work. If they manage to log into an account, they will either monetize the access or exploit it themselves.

Since the database only aggregates old data, it is aimed more at budding hackers, who would like to try their hand at account theft, but who do not have the skills to do the filtering work themselves. For seasoned cybercriminals, COMB’s data is irrelevant: they’ve already seen and reviewed it.

COMB presents quantity, but little quality

The volume of data contained in the database may be impressive, but its use should not cause much damage, for two main reasons:

  • Much of the data is out of date. COMB does not give the date of the data it contains, so an attacker cannot sort credential pairs from the most recent to the oldest. That’s a problem for them: some data comes from combo lists published in 2016, which contained even older passwords. As a result, since most of the data is old, a large part of the passwords have already been changed.
  • This data has already been exploited and re-exploited. COMB will only be of interest to the lower end of the cybercriminals’ food chain. The most advanced cybercriminals trade recent data leaks with each other in selective spaces, then resell them once they have extracted enough value from them. These data leaks are then exchanged at a lower cost on other types of forums, before landing, at the end of the chain, on the one where COMB was published. As a result, in the majority of cases, when a stolen database is published for free, it means that it has already been exploited for a long time. As for COMB, it compiles public combo lists that are themselves made up of old public databases. In other words, if your credentials are in COMB and they allowed someone to connect to your accounts, cybercriminals surely already did so several months or even years ago.

What should I do to protect myself from COMB?

Although the risk posed by the exploitation of COMB is very limited, there are a few precautions you can take to ensure that it is reduced to zero.

  • Look up your email addresses on Have I Been Pwned, which already aggregates the majority, if not all, of the data in COMB. You will know if your email address has leaked, on which service it has leaked, and what data (phone number, password, address, etc.) is part of the leak. If the site tells you that one of your passwords has leaked, change it.
  • Never (ever) reuse your passwords. This lack of precaution greatly facilitates the work of criminals of all levels, and is at the heart of how COMB works.
  • Activate double authentication (also called two-factor authentication or 2FA) on the services that offer it. At least do this for your email address and for your main social media accounts. Thus, even if cybercriminals obtain your credentials, they will not be able to connect to your account, because they will not have the 2FA code, sent by text or generated by an app like Google Authenticator.
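For the password side of the Have I Been Pwned check recommended above, here is an added example (not part of the original article) of a lookup against the service's Pwned Passwords range endpoint, where only the first five characters of the SHA-1 hash are sent and the match is done locally. The function names and the offline sample response are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # HIBP Pwned Passwords range endpoint

def split_hash(password):
    """Uppercase SHA-1 hex digest split into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines; drop malformed lines and zero-count padding."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdecimal() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password, fetch_range):
    """How many times the password appears in the corpus behind fetch_range.

    Only the 5-character prefix is handed to fetch_range; the suffix match
    happens locally, so neither the password nor its full hash leaves the host.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def fetch_range_live(prefix):
    """Network lookup against the real service (not called by the demo below)."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "comb-exposure-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def constructed_fetch(prefix):
    """Offline stand-in with a constructed response: 'Password' seen 1234 times."""
    known_prefix, known_suffix = split_hash("Password")
    lines = ["0" * 35 + ":0"]  # zero-count padding entry, ignored by parse_range
    if prefix == known_prefix:
        lines.append(f"{known_suffix}:1234")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("Password", "correct horse battery staple 2021"):
        hits = pwned_count(candidate, constructed_fetch)
        print(f"{candidate!r}: {'change it' if hits else 'not found'} ({hits})")
```

Passing `fetch_range_live` instead of `constructed_fetch` performs the same check against the live service.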

Source: Numerama by cyberguerre.numerama.com.

*The article has been translated based on the content of Numerama by cyberguerre.numerama.com.