Billions of Passwords Offered for $2 in Cyber-Underground
upstart writes in with an IRC submission:
Billions of Passwords Offered for $2 in Cyber-Underground:
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection.
A "compilation of many breaches" - COMB for short - has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords.
The trove is an aggregate database that brings together older stolen data from breaches past - including credentials from Netflix, LinkedIn, Exploit and others. COMB - which was given that name by the person who posted it online - was first made public on Feb. 2 by a user dubbed "Singularity0x01," a researcher told Threatpost.
[...] In order to view the download link for the password-protected .ZIP file containing the data, forum users were asked to spend 8 RaidForums credits (about $2), he added. Then, they can use the database's built-in tool for querying and sorting the information to slice and dice the data.
[...] The data itself was not that well-received by underground denizens, Righi noted.
"Some users claimed that files were corrupted, files were missing, the total number of credentials was smaller than advertised, and the data was of low quality," he explained - all of which led to Singularity0x01 gaining a negative reputation rating on the criminal forum.
[...] The data may be old, but it's not without value. Thanks to password reuse, hackers can use the data to mount brute-force or credential-stuffing attacks in an effort to hijack any number of types of accounts. And from there, the potential fallout becomes notable.
Read more of this story at SoylentNews.