Security researchers are warning that a “compilation of many breaches” – COMB – is now available among the cybercriminal community following a leak. Now being traded on the underground, COMB holds a massive 3.27 billion unique combinations of email addresses and passwords.
Clearly a treasure chest for threat actors, these combinations are in clear text. The compilation includes user information from security breaches that have hit platforms in recent years. For example, email and password credentials for users of LinkedIn, Netflix, and other major services are in the trove.
Named COMB by the person or persons who first uploaded it, the compilation has been available online since February 2. The posting was made by an individual or group known as “Singularity0x01.”
“On February 2, 2020, user Singularity0x01 created a thread on the popular English-language cybercriminal forum RaidForums titled ‘Compilation of Many Breaches (COMB) 3.8Billion (Public),'” Ivan Righi, cyber-threat intelligence analyst at Digital Shadows, told ThreatPost.
“Singularity0x01 stated that the collection was built on a previous breach compilation that contained 1.4 billion records, and that the contents were mostly publicly available. The user also said that the data was presented in an alphabetical order and in a tree-like structure.”
It seems the ZIP file is password protected and can only be viewed by forum members at RaidForums by spending 8 site credits (around $2). That's not a lot of money for what on the surface seems like a major leak of important information. Righi tells ThreatPost the hacking underground has been largely unimpressed with the data dump:
“Some users claimed that files were corrupted, files were missing, the total number of credentials was smaller than advertised, and the data was of low quality,” he says. Most members who paid for the cache were left disappointed. Rather than being credited with a major leak, the user Singularity0x01 is becoming persona non grata over at RaidForums.
“Singularity0x01 was permanently banned from RaidForums on 08 Feb 2021 for ‘leaking hidden content,' although no further information was provided by the site's moderators.”
Many of the credentials have been available to threat actors for some time. It appears all that's happened here is that information has been compiled to make a quick buck.