A group of hackers has released a free database containing a staggering 3.28 billion passwords , according to The Hacker News. The leak includes login credentials for different services and social networks. Among the data, there are also government emails from the United States, United Kingdom, Australia, Brazil, Russia and Mexico .
The package has been baptized as COMB21, an acronym that refers to “compilation of many leaks” in English . Some of the information has been traded by hackers over the years on forums. Although many data have already been published in the past, what is relevant about the current find is its large size.
The published data contains a huge amount of emails and passwords related to government domains. Among them are 625,505 passwords from the United States government , 205,099 from the United Kingdom, 136,025 from Australia, 68,535 from Brazil, 50,726 from Canada and 31,995 from Mexico .
Country Filtered passwords United States (.gov) 625.505 United Kingdom (.gov.uk) 205.099 Australia (.gov.au) 136.025 Brazil (.gov.br) 68.535 Canada (.gc.ca) 50,726 Mexico (.gob.mx) 31,995 France (.gouv.fr) 18,282 In the case of the United States government, the data leaked by hackers corresponds to different departments. For example the Department of State (state.gov), Department of Veterans Affairs (va.gov), Department of Homeland Security (dhs.gov), National Aeronautics and Space Administration (nasa.gov), Internal Revenue Service (irs.gov), among others.
The data corresponding to public services and government entities would have been obtained through the decryption of password hashes after being stolen or through phishing attacks and clandestine espionage in insecure connections.
Hackers published the database for the first time in February
Credit: CyberNews According to CyberNews, COMB21 began circulating on hacker forums in early February . The funny thing about the database is that it includes the “query.sh” and “sorter.sh” scripts. They allow you to check emails and make classifications. That is, it is not a huge mass of plain text, but a database with a query system.
Furthermore, the hackers organized the data in alphabetical order, as shown in the screenshots. However, it has not yet been possible to identify the origin of each of the individual leaks that make up COMB21. A quick glance also reveals usernames and passwords for services like Netflix, Gmail, Yahoo, Hotmail and more.
According to CyberNews, in addition to government data, there are more than 200 million Gmail addresses and 450 million Yahoo email addresses. It should be noted that Netflix and Gmail never reported having been victims of a data breach . Microsoft, for its part, was a victim of hackers in 2019. The same happened with Yahoo in 2016.
The problem with these databases with personal information circulating on the Internet is that they can be used by other hackers to mount identity theft, scams and phishing campaigns . In addition, the danger is increased in users who use the same passwords in several services.
