We hate to be the ones to tell you this – but there’s a pretty good chance that one of your passwords has leaked online. That’s because one of the biggest data breaches in history – with a mind-numbing total of 3.2 billion pairs of email addresses and passwords – has been shared by hackers on a popular forum.
When a data breach occurs, it usually only centres on a single service or organisation. So, if you don’t have an account with whatever website, smartphone app, or company that suffers the data breach – you’re safe in the knowledge that you won’t be impacted by the breach. And if you are affected (provided you use a unique password and email combination for every account online) you’ll only have to tweak a single password to ensure that your data is safely locked away from prying eyes. It’s frustrating …but it’s relatively easy to deal with.
What makes this latest deal so difficult to firefight is because hackers have compiled data from a series of data breaches. In fact, there is such an array of sources for the 3.2 billion leaked login credentials that experts are referring to this attack as the “Compilation of Many Breaches” or COMB for short.
This has happened before. Back in 2017, details from some 1.4 billion online accounts were shared online under the brand of the “Breach Compilation”. COMB will impact more than twice as many people as the “Breach Compilation”. Worse still, unlike the “Breach Compilation”, hackers have added query.sh script with COMB data, which means anyone can quickly search the database for details on a particular person. If you know someone’s email address, you can search the nefarious database to try to find the corresponding password, for example.
It’s still unclear which databases were attacked to steal the billions of login details included in COMB. However, samples seen by security experts at CyberNews show emails and passwords originating from domains all over the world. As such, there’s a high chance that people from across the globe will be impacted by this breach.
Since a worrying number of people re-use the same email address-password combination across multiple online accounts, the impact from COMB would be devastating – and on a scale we haven’t seen before. If you’ve used the same login details for multiple websites, hackers only need one of these to leak – a social media account, for example – to login into your email, online shopping services, takeaway delivery, cloud storage for important documents and photos, or worst of all, online banking.
CyberNews recommends that everyone set up multi-factor authentication (which is when websites will send a unique code to another device or a phone number before allowing you to login) and use a password manager, like Microsoft Authenticator, LastPass, 1Password or Dashlane to securely generate (and remember for you) passwords for every online account.
Google Chrome, the most popular desktop browser on the planet, recently added the ability to automatically alert users when any of their saved passwords had leaked online.