
© 2021 CyberNews - Latest tech news, product reviews, and analyses.


COMB: largest breach of all time leaked online with 3.2 billion records

by Bernard Meyer
12 February 2021

It’s being called the biggest breach of all time and the mother of all breaches: COMB, or the Compilation of Many Breaches, contains more than 3.2 billion unique pairs of cleartext emails and passwords. While many data breaches and leaks have plagued the internet in the past, this one is exceptional in its sheer size. For scale, the entire population of the planet is roughly 7.8 billion, and this is about 40% of that.

However, considering that only about 4.7 billion people are online, COMB would include the data of nearly 70% of global internet users (if each record were a unique person). For that reason, users are recommended to immediately check if their data was included in the leak. You can head over to the CyberNews personal data leak checker now.

CyberNews was the first leak database to include the COMB data. Since COMB was first released, nearly 1 million users have checked our personal data leak checker to see if their data was included in the biggest breach compilation of all time.

So how did the COMB data leak happen?

On Tuesday, February 2, COMB was leaked on a popular hacking forum. It contains billions of user credentials from past leaks from Netflix, LinkedIn, Exploit.in, Bitcoin and more. This leak is comparable to the Breach Compilation of 2017, in which 1.4 billion credentials were leaked. 

However, the current breach, known as “Compilation of Many Breaches” (COMB), contains more than double the unique email and password pairs. The data is currently archived and put in an encrypted, password-protected container.

The leaked database includes a script named count_total.sh, which was also included in 2017’s Breach Compilation. This breach also includes two other scripts: query.sh, for querying emails, and sorter.sh for sorting the data.

After running the count_total.sh script, which is a simple bash script to count the total lines in each of the files and add them together, we can see there are more than 3.27 billion email and password pairs.

We are currently adding the new COMB emails to our Personal Data Leak Checker. The CyberNews Personal Data Leak Checker has the largest database of known breached accounts, helping users know if their data has possibly fallen into the hands of cybercriminals.

Check out our personal data leak checker now to see if your email address has been exposed in this or previous leaks.

This does not appear to be a new breach, but rather the largest compilation of multiple breaches. Much like 2017’s Breach Compilation, COMB’s data is organized by alphabetical order in a tree-like structure, and it contains the same scripts for querying emails and passwords.
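
A defender's leak checker can borrow the same sharded, sorted layout while storing no passwords and no raw addresses. The sketch below is an added example, not code from CyberNews or from the leak: it shards keyed hashes of email addresses by prefix and binary-searches inside one shard. The key, shard width and sample addresses are assumptions constructed for illustration.

```python
import bisect
import hashlib
import hmac
from collections import defaultdict

INDEX_KEY = b"constructed-demo-key"  # assumption: a secret key held by the service
PREFIX_BYTES = 1                     # assumption: 256 shards; use more for a large corpus

# Constructed sample input, not real breach data.
SAMPLE_EMAILS = [
    "alice@example.com",
    "Bob@Example.org ",
    "carol@example.net",
    "alice@example.com",   # duplicate, as compilations repeat addresses
    "ALICE@EXAMPLE.COM",   # same mailbox, different case
]


def email_digest(email):
    """Normalize an address and HMAC it so the index never holds raw emails."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(INDEX_KEY, normalized, hashlib.sha256).digest()


def build_index(emails):
    """Shard digests by leading bytes, then sort and de-duplicate each shard."""
    shards = defaultdict(set)
    for email in emails:
        digest = email_digest(email)
        shards[digest[:PREFIX_BYTES]].add(digest)
    return {prefix: sorted(digests) for prefix, digests in shards.items()}


def count_total(index):
    """Add up the entries of every shard, as a per-file line count would."""
    return sum(len(shard) for shard in index.values())


def is_exposed(index, email):
    """Pick the shard from the digest prefix, then binary-search inside it."""
    digest = email_digest(email)
    shard = index.get(digest[:PREFIX_BYTES], [])
    pos = bisect.bisect_left(shard, digest)
    return pos < len(shard) and shard[pos] == digest


if __name__ == "__main__":
    index = build_index(SAMPLE_EMAILS)
    print("unique addresses:", count_total(index))
    for probe in ("bob@example.org", "dave@example.com"):
        print(probe, "->", "exposed" if is_exposed(index, probe) else "not found")
```

The keyed hash matters because a plain hash of an email address can be reversed by hashing guessed addresses; with HMAC that requires the service's key.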

In the screenshots attached with the leak, which CyberNews has blurred, the organization of the data can be seen, as well as the type of data released.

At the moment, it is unclear what previously leaked databases are collected in this breach. Samples seen by CyberNews contained emails and passwords for domains from around the world.

Netflix, Gmail, Hotmail logins included in COMB

Because COMB is a quick, searchable, well-organized database of past major leaks, it naturally contains past leaks. This includes major leaks from popular services such as Netflix, Gmail, Hotmail, Yahoo and more.

Based on our analysis of the breached data, there are approximately 200 million Gmail addresses and 450 million Yahoo email addresses in the COMB data leak.

In 2015, The Independent reported on an apparent “Netflix hack” where cybercriminals were able to log into Netflix users’ accounts worldwide. However, Netflix has never admitted to being hacked, and this is more likely a casualty of the fact that users often use the same passwords for different accounts.

This is why it’s important to use a unique password for each account you create. CyberNews has a strong password generator that you can use to create strong, unique passwords.

CyberNews Pro tip

Don't let another data breach scare you. Password managers create not only strong and unique passwords, but they'll also alert you when your credentials have been leaked.

Similarly, Gmail never had a data breach of its own. Instead, this is most likely related to people using their Gmail email addresses on other breached websites or services.

On the other hand, Microsoft confirmed that between January and March 2019, hackers were able to access a number of consumer Outlook.com, Hotmail and MSN Mail email accounts.

But perhaps the biggest big-name data breach happened to Yahoo. While it was reported in 2016, the breach actually happened at the end of 2014. In that Yahoo breach, the company confirmed that all 3 billion of its users’ accounts had been impacted.

It appears that not all data from past Yahoo and Hotmail/Microsoft breaches have been included in COMB. Nonetheless, it is possible that the list has been cleaned of dead credentials, which is why it’s crucial that users check if their data has been leaked.

Similar to Breach Compilation

This current leaked database appears to build on 2017’s Breach Compilation. In that leak, intelligence analysts at 4iQ discovered a single file database with 1.4 billion email and password pairs, all in plaintext. 

At the time, this was considered the largest credential breach exposure, almost two times larger than the previous largest credential exposure from Exploit.in which had nearly 800 million records.

2017’s Breach Compilation contained 252 previous breaches, including the aggregated ones from the previous Anti Public and Exploit.in dumps, as well as LinkedIn, Netflix, Minecraft, Badoo, Bitcoin and Pastebin. However, when they analyzed the data, they found that “14% of exposed username/passwords pairs had not previously been decrypted by the community and are now available in clear text.”

When 4iQ discovered the Breach Compilation, they tested a small subset of the passwords for verification, and most of the tested passwords worked. The intelligence analysts state that they found the 41GB dump on December 5, 2017, with the latest data updated on November 29, 2017.

They also remarked that the leak was not just a list, but rather an “interactive database” that allowed for “fast (one second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.”

It is unclear what the repercussions of the Breach Compilation have been.

Possible impact

The impact on consumers and businesses of this new breach may be unprecedented. Because the majority of people reuse their passwords and usernames across multiple accounts, credential stuffing attacks are the biggest threat.

If users use the same passwords for their LinkedIn or Netflix as they do for their Gmail accounts, attackers can pivot to other, more important accounts.

Beyond that, users whose data has been included in Compilation of Many Breaches may become victims of spear-phishing attacks, or they may receive high levels of spam emails. 

In any case, users are normally recommended to change their passwords on a regular basis, and to use unique passwords for every account. Doing so – creating and remembering unique passwords – can be quite challenging, and we recommend users get password managers to help them create strong passwords.

And, of course, users should add multi-factor authentication, like Google Authenticator, on their more sensitive accounts. That way, even if an attacker has their username and password, they won’t be able to get into their accounts.

We will continue to analyze the data as the story unfolds.

Update February 12: This article was updated to add new analysis of the Gmail and Yahoo domains contained within the COMB database, as well as how many users have checked their data on CyberNews’ data leak checker.


Comments 37
  1. Raja says:
    3 weeks ago

    How come your personal data leak checker is processing requests so fast (1 second approximately) while validating against 2+ billion unique email addresses?

    Reply
    • Thrasos Thrasyvoulou says:
      3 weeks ago

      Database indexing

      Reply
    • Amine Raounak says:
      3 weeks ago

      Bloom Filter

      Reply
    • triangles says:
      2 weeks ago

      Binary search on ordered set data with 2 billion entities takes log2(2B) = 31 operations. A modern computer can do billions of operations per second. It’s actually quite slow.

      Reply
      • Bobait Log says:
        1 week ago

        Hahahaha! True dat!

        Reply
      • Danielle Smith says:
        6 days ago

        Probably has something to do with mind mapping and/or neural networks. It’s a very lucrative industry with all the new technology capabilities coming out. These big companies are getting rich off of mind-raping unaware victims!

        Reply
  2. John says:
    3 weeks ago

    “More than 3.2 billion unique pairs of cleartext emails and passwords have just been leaked on a popular hacking forum…”

    What hacking forum? Does it have a name?

    Reply
    • Johnnny says:
      3 weeks ago

      They are vague so they don’t show it anywhere

      Reply
    • Victor Nunes says:
      2 weeks ago

      raidforum

      Reply
    • Ronald says:
      2 weeks ago

      raidforums

      Reply
    • Hfouad94 says:
      2 weeks ago

      xss is
      or
      xss as

      Reply
  3. Andy says:
    2 weeks ago

    Okay. So my old email is included in that list. My new one is not. I don't even know where this old email is still in use. I need to know which accounts of mine got leaked in order to change the passwords or to delete those accounts.

    Reply
    • Ed says:
      2 weeks ago

      Personal data leak checker is a trap to get your email address; the less you provide your email, the less the risk of a leak.
      Use double authentication and never trust anyone or any such tool that asks for your email.

      Reply
      • Mantas Sasnauskas says:
        2 weeks ago

        Hi Ed. We only store hashed emails (bcrypt) and we do not store the emails that you check. You can read about it in our FAQ for the Data Leak Checker: https://cybernews.com/leak-check-faq/
        And if you have concerns, you can email me personally for any more details on how we anonymise the data.

        Reply
        • Kocio says:
          2 weeks ago

          Yeah, Ed. You can trust me xD

          Reply
    • franklin DR says:
      2 weeks ago

      A bit more info on which site the logins were found would be very helpful.
      Now it’s only spreading fear….

      Reply
      • Mantas Sasnauskas says:
        2 weeks ago

        Hi Franklin. The COMB was leaked with just emails and passwords, no sources in the COMB itself were present. Our investigation team is working on including sources in the near future, by cross-referencing it with the previous independent breaches.

        Reply
  4. Otmani Yasmina says:
    2 weeks ago

    Check email

    Reply
  5. Vitalii says:
    2 weeks ago

    Use less programs of Chinese and Russian origin.

    Reply
  6. Cristian says:
    2 weeks ago

    Where can I find this leak db for download?

    Reply
    • Mantas Sasnauskas says:
      2 weeks ago

      Hi Cristian. Unfortunately, we can’t give you the link to the COMB leaked database. But it was posted on several hackers forums.

      Reply
  7. VANHEMS FENOLLAR says:
    2 weeks ago

    Can you tell me if my account has been hacked so that I can change my email? Thank you in advance.

    Reply
    • Mantas Sasnauskas says:
      2 weeks ago

      Hi Vanhems. You can check if your email has been breached in our Data Leak Checker here: https://cybernews.com/personal-data-leak-check/

      Reply
      • re says:
        1 week ago

        The problem is that you say if our addresses have been hacked, good…
        But at least could you print out on which website…
        One email address can be used for several accounts and it is annoying to check all…

        Reply
  8. Mohammad Salehi says:
    2 weeks ago

    I am wondering how those hackers process these data without actual Hadoop Enterprise License?

    Reply
  9. Bob says:
    2 weeks ago

    Hi, it’s not really clear: what is breachcomp2.0? Is it the same as COMP? Which are the sites concerned?

    Reply
  10. Julia says:
    2 weeks ago

    I'm hacked

    Reply
  11. Gate Jocelyn says:
    2 weeks ago

    Hi, can we see which password is associated to the leaked email? Just to know if I do really need to change it?
    Best,
    Jocelyn

    Reply
  12. cindy says:
    2 weeks ago

    Absolutely nothing happens when I enter my email; does that mean it’s OK for me?

    Reply
  13. Frank says:
    2 weeks ago

    Hi,

    Has anything changed in the leak database? I queried some addresses yesterday, and they were found among the compromised ones. Today I queried the same addresses again, and suddenly they came up “green”. How come?

    Regards,
    Frank

    Reply
  14. Matthew says:
    2 weeks ago

    I entered my e-mail and it said it was not found in the list; however, the next day I started to receive malicious spam e-mails, which I have never received before. How come??

    Reply
  15. Risto Rinne says:
    1 week ago

    Isn't the biggest hacker the NSA?

    Reply
  16. Janet Patterson says:
    1 week ago

    I really don’t understand why every bank, department store, etc. thinks you should pay anywhere from $15 a month and up for security, when I have no idea where this money is coming from! I would have to cancel my streaming, cancel my Internet, and even eat less food to pay all of it. It’s insane and when something does happen, you’re probably not even going to be responsible for all of it.

    Reply
  17. SteveB says:
    1 week ago

    I think anyone with an email address older than 3-4 years is likely in this COMPILATION of published breach addresses. Honestly, this kind of reporting is more fear-mongering than actual journalism.

    Reply
  18. vaughn says:
    1 week ago

    Shouldn’t this data base be showing multiple passwords for many email addresses? Any chance you confirm that? Signify it?

    Reply
  19. Michael says:
    6 days ago

    Shouldn’t Microsoft, Google and Netflix be notifying their customers if there was a breach of their data?

    Seems like that should be required of them and in their best interest to inform their users.

    Reply