The email addresses and passwords of 3.27 billion accounts have been leaked in possibly the largest data breach, reported CyberNEws. The tremendous archive is dubbed the “Compilation of Many Breaches,” or COMB.
CyberNews clarified that this motherlode of login credentials is not a new breach and is instead a collection of previous incidents. However, this archive is notable because it brings together a colossal amount of data in one place.
The data included in the archive covers data from the 2012 LinkedIn breach affecting 117 million accounts. Netflix login credentials were also found in the compilation. However, the report said that no specific leaked databases have been pinpointed.
Consumer Affairs cited Identity intelligence company 4iq which commented, “Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.”
According to CyberNews’ Bernard Meyer, “The impact to consumers and businesses of this new breach may be unprecedented. Because the majority of people reuse their passwords and usernames across multiple accounts, credential stuffing is the biggest threat.”
Those who are wondering if their data has been compromised can head on to the CyberNews database to check. HaveIBeenPwned is also a great tool for checking, especially as it contains a lot of breach information.
Affected users are advised to check their credentials to see if they use the same usernames and passwords in different services. They are also encouraged to change their passwords to secure their accounts. Regular changing of passwords is advised.
Another way to address the issue is to use multi-factor authentication including enabling one-time passcodes and authenticators like Google Authenticator, which minimizes the possibility of takeovers even with usernames and passwords.
To better secure their accounts and avoid forgetting passwords, users can use password managers. Moreover, users should be vigilant and be on the lookout for malicious actions by threat actors including fraudulent transactions, phishing attempts, and identity theft.
Meanwhile, this is not the first time that a compilation of breaches has been released by malicious parties. The Breach Compilation was exposed by 4iq in 2017 containing 1.4 billion credentials from 252 incidents.
The 2017 Breach Compilation was considered the biggest database of its time covering accounts from various services like LinkedIn, Netflix, Minecraft, Badoo, Bitcoin, and Pastebin. This is followed by the Exploit.in a leak that contained 800 million login pairs.