In February 2021 cybersecurity researchers discovered a treasure trove of breached records which appeared to build on leaks previously gathered in 2019. Dubbed the Compilation of Many Breaches (COMB) by the supposed perpetrator who posted it on the hacker gathering spot raidforums, the collection included over 3 billion unique account passwords and up to 15 billion matching email addresses. Though the impact of this type of data dump is still being questioned, experts caution anyone whose login information is featured in COMB to beware of potential credential stuffing attacks that could follow.
COMB a Compilation of Past Data Breaches and Leaks
Researchers who have been able to scour the data, as well as comments on the hacking forum itself, indicate that most of the login details in this collection were taken from past dumps previously shared through the Dark Web. This follows a continuing trend seen with these leaks, where cybercriminals with less sophisticated skills instead try to profit from files and tools acquired from more professional hackers. They leverage the underground ecosystem through sites like raidforums to sell the resources they have collected at a deep discount to other amateurs who lack the knowledge to pull off grander schemes by themselves.
Hacked Passwords May Include Netflix and LinkedIn Logins
One potentially worrying point in COMB is that a number of credentials come from very popular platforms with a high volume of users, including Netflix, LinkedIn and Gmail, among many others. The list also includes logins for websites and services that are less reputable but still frequently trafficked, such as Bitcoin and even another hacker forum called Exploit.in that caters to Russian speakers. The compilation, like the others before it, is meant to hold as many corresponding email addresses and passwords as possible to drive up its value to potential buyers.
Severity of Compilation Leaks
It is important to note when measuring the severity of these types of leaks that all the information had already been stolen in a previous breach, and the person selling it is rarely the same threat actor. That factor is dangerous in itself, but the posting of a huge data dump such as COMB does not necessarily add any more to the risk that was already there, and the massive volume of records reflects a diminishing value for individual credentials.
Findings from researchers and comments on raidforums reveal that many of the files were corrupted and of generally low quality, and the user responsible for posting it was ultimately banned. Access to the entire collection could be had for only $2 because of how much of the data had already been featured and used – virtually all of it had been included in one previous dump or another on the Dark Web.
COMB Included Passwords from the Hacked Florida Water Supply
Despite the statistical improbability of COMB generating new cyber threats, a recently attempted hack on a water treatment facility in Oldsmar, Florida has led some to believe that it was tied to credentials found in the compilation. Several email addresses belonging to users of the plant’s IT systems were found in the collection, and the attack was facilitated through software that allowed remote access to the industrial control system (ICS) functions. The culprit raised the chemical levels in the water to potentially fatal levels; fortunately, the facility manager noticed the change immediately and quickly corrected the issue.
Muddling the identification of the threat is that the majority of those Oldsmar emails found in COMB were also in an earlier compilation from 2017, and planning for the hack would still have required some time for social engineering tactics. It does reflect a real danger, though, of amateur cybercriminals or nation-state hackers leveraging this data for short-term attacks. Indeed, the Florida water supply hack is exactly the type of cyber infrastructure breach that Iran has attempted in the past and could reflect their chaotic, often widely outsourced cyber attack methodology.
Protect Yourself Against Data Breaches and Hacked Passwords
As a general rule of thumb, we always advise having a password policy in place and making regular changes to your passwords to minimize the threat of compromised credentials. Beyond that, SWK Technologies can provide several cybersecurity solutions and services that enable you to determine if any of your login credentials appear on the Dark Web, and to take the steps to protect your system from a breach. We will deliver the tools and training you need to prepare against, adapt to and overcome the various cyber threats that can affect your business.
Contact SWK today to learn more about our cyber threat protection services and how they will secure your business against the dangers of data breaches.