Click to Skip Ad
Closing in...

3.2B email and password pairs were just leaked in the mother of all data breaches

Published Feb 5th, 2021 3:34PM EST
Data breach
Image: Minerva Studio/Adobe

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

  • More than 3 billion user credentials were just posted online as part of a data breach compilation that’s mind-boggling in its scale.
  • This collection of user data is being called the COMB, or the “Compilation of Many Breaches.”
  • This is not the result of a new breach — rather, it pulls together stolen user data from previous breaches of services like LinkedIn and Netflix.

Most of the data breaches you read about involve hacks of specific companies or organizations. A hotel’s credit card database was breached, for example, or an email service provider was hacked, exposing customer data and login credentials which can be used in turn to access more customer data. A newly posted cache of stolen customer details, however, takes this trend to an exponential and much more disturbing level.

This breach that’s just resulted in more than 3.2 billion email-and-password pairs being posted online has been dubbed COMB, the Compilation of Many Breaches. The name is apt because this mother of all data breaches is exactly that — an amalgamation of existing data that had been stolen as part of previous breaches and leaks from companies like Netflix and LinkedIn.

What you need to know: This is a massive repository of individuals’ data that’s been posted online, but it’s not the result of a new hack or data breach. Thanks to reporting from CyberNews, we also know this so-called “Compilation of Many Breaches” may be the biggest-ever compilation of hacked user credentials ever posted online before. Furthermore, contained herein is user data that comprised a 2012 data breach at LinkedIn, which involved 117 million accounts, as well as stolen Netflix login data that started showing up online — that was thanks in part to users who make the rookie mistake of recycling user names and passwords across different services.

Actions you can take: One of the risks here, as CyberNews notes, is that if you use the same login across services like Netflix and Gmail, attackers can use the data of yours that they’ve stolen to shift toward your more important accounts and attack those. Anyone whose data is included in the COMB collection may also find themselves the target of a new wave of spear-phishing attempts, as well as an influx of email spam.

Head over to Cybernews’ own data-leak database, which you can use to see if your email address is part of the compromised emails in this collection.

Take this as an opportunity to also go ahead and change your email password, which you should be doing regularly, anyway. And don’t choose something you can remember — the password should be on the longer side and unique, with a mix of upper- and lower-case letters, plus numbers and special characters. And whatever you do, absolutely do not reuse passwords. A password manager is a great way to keep all of your logins straight across the myriad services we all use on a daily basis.

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.