Check this list: 3.2 billion leaked usernames and passwords

Security breaches at any company are enough to send the IT administrators into a panic. Figuring out how the breach occurred and ways to stop the leaking of information is critical. Usually, when a breach happens, the company or service will notify users to change their credentials.

Isolated attacks can be quickly mitigated, but sometimes hackers have enough time to steal usernames and passwords. These details can then be sold on the black market to be used in other phishing attacks or profile hijackings. Tap or click for a tool that shows if your data has been exposed online.

One of the biggest hacks in history happened in 2013 when a Yahoo breach exposed an estimated 3 billion user records. Five years later, hotel chain Marriott International had 500 million users’ data stolen in a breach. Let’s look at some of the most significant data breaches and what you can do about them.

Here’s the backstory on breaches

Not all data leaks are from new breaches. Sometimes a hacker will compile a list of stolen credentials and post them online for other cybercriminals to use. This recently happened and is being dubbed the “Compilation of Many Breaches” or COMB for short.

The leak includes a cache of 3.8 billion records consisting of usernames and passwords from various hacks, all combined into one massive file. The acronym COMB isn’t an accident either, as the person responsible combed through all the data available.

Security researchers have estimated that this is the most extensive released collection of stolen credentials in history. It contains information from a previous Breach Collection, compiled in 2017, building on a database that now totals 41GB.

User information from breaches at LinkedIn, Netflix, Minecraft, Badoo, Bitcoin and Pastebin was included. It’s unclear if it’s the case with this release, but the 2017 compilation had 1.4 billion usernames and passwords stored in plain text.

What you can do about it

You should never use the same username and password for multiple websites or services. It might seem like the easiest way to remember login details, but if one account is breached, it could lead to all accounts using those credentials being exposed.

All passwords should be changed regularly — as often as once every two months. If you are still using the same credentials that have been exposed in this breach, you need to change them immediately.

“The impact to consumers and businesses of this new breach may be unprecedented. Because the majority of people reuse their passwords and usernames across multiple accounts, credential stuffing attacks are the biggest threat,” explained Cybernews.

Create strong passwords that consist of multiple elements. Tap or click here for help creating strong passwords.

You could also make use of a password manager. A password manager generates and stores all your passwords, so you don’t need to remember anything. We recommend letting our sponsor, RoboForm, do the heavy lifting related to password generation and security. Save 50% on RoboForm Everywhere and manage your passwords with ease and security.
