A recent sensational headline states that “3.2 billion leaked passwords contain 1.5 million records with government emails,” is indeed notable. However, this is not a new development, nor are these newly leaked credentials. This 100GB “database” was published for free this February in an online cybercrime forum. Dubbed “COMB,” or “Compilation of Many Breaches,” this data set is composed of multiple leaks and breaches across different companies that have occurred over the years. COMB represents a bit of a one-stop-shop for data leaks; an if you’ve seen one, you’ve seen them all, sort of repository. This recent coverage is just a publicizing of findings from a firm that recently analyzed the trove of data.
COMB was originally published around the same time as the attack on the Oldsmar Florida Water Treatment Plant. Analysis at that time noted that interestingly COMB includes thirteen credentials linked to emails of the Oldsmar domain (noted in the All Eyes on Oldsmar post in the Security & Resilience Update for February 11, 2021). There has been no disclosed evidence indicating these leaked credential played any part in the Oldsmar incident. While this data set is nothing new, it is still a great example of why passwords still matter and the importance of maintaining unique usernames and passwords across all sites and services. Read more at The Hacker News.