There’s a new large-scale data leak of usernames and passwords that goes into the category of record breakers.
Dubbed COMB21, the data leak consists of 3.28 billion passwords connected to 2.18 million unique email addresses. Furthermore, the leak also includes 1,502,909 passwords linked to email addresses from government domains from around the world. The United States government “leads” with 625,505 of exposed passwords, followed by the U.K with 205,099, Australia with 136,025, Brazil with 68,535, and Canada with 50,726 passwords.
How was the COMB21 data leak discovered?
The exposed credentials stem from a colossal 100GB dataset known as COMB21, standing for Compilation of Many Breaches. The data was published for free on an underground forum earlier this year, exposing information from different leaks associated with various organizations over the years.
How were the passwords collected?
Techniques such as password hash cracking have been used. The passwords were likely obtained with the means of phishing and eavesdropping on exposed plaintext connections.
As reported by TheHackerNews, the government domains affected by the leak are the following:
State Department – state.gov (29,144)
Veterans Affairs Department – va.gov (28,937)
Department of Homeland Security – dhs.gov (21,575)
National Aeronautics and Space Administration – nasa.gov (15,665)
Internal Revenue Service – irs.gov (10,480)
Center for Disease Control and Prevention – cdc.gov (8,904)
Department of Justice – usdoj.gov (8,857)
Social Security Administration – ssa.gov (8,747)
U.S. Postal Service – usps.gov (8,205), and
Environmental Protection Agency – epa.gov (7,986)
This is not the first large-scale data leak affecting millions of users across the world. Earlier this month, the personal details of more than 533 million Facebook users were exposed, including individuals from 106 countries, with 32 million records of US users, 11 million records of UK users, and 6 million records of Indian users. The leaked information included phone numbers, Facebook IDs, full names, locations, biographies, birthdates, and in some cases email addresses.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: