Following the noise created in 2017, an unknown adversary again published an enormous collection of compromised email credentials with a password with a total count of over 3.2 billion doubling the number from the previous collection of 1.4 billion. Tagged as Compilation of Many Breaches (COMB), the collection of credentials consists of breaches from the past years from known social media and streaming accounts wherein the email domains are registered worldwide.
The Cybersecurity experts who stumbled upon the data breached from a known hacking forum confirmed that most listed credentials are tested to be working up to this date. Also, the compilation was observed to be presented in a more sophisticated way as the database can sort and querying, thanks to database indexing, searching is done faster.
This current threat from Compilation of Many Breaches is very alarming.
It can lead to more damaging result such as compromised email credentials can be used to perform spear-phishing attacks or aggravated email spamming that can initiate company breaches for accounts that used corporate emails. Personal email credentials could lead to account takeover that an adversary can fraud victim service subscription and deface social media accounts. At the same time, people on the victim’s contact list can also be attacked.
The listed possibilities above are only a few things that can result from the Compilation of Many Breaches data exposure. An awareness that is to be continuously shared and for everyone to be secured in the cyberworld. Based on the statistics, most people used the same credentials on multiple accounts such as social media, email services, and online subscriptions. This norm makes it easier for the adversary to attack and compromise a specific individual as in layman’s terms, one key to open all doors.
The best recommendation that cybersecurity experts can provide to the public is to update their passwords regularly. They must never reuse their previous password and ensure that they create a strong password that is long and consists of alphanumeric and special characters. Also, social media platforms or service owners must secure to add multi-factor authentication on their application and if possible, to push it as a requirement to add security for their users. People who are having a hard time remembering their credentials can use Password Manager apps to help them.
The compiled repository has been contained, but this does not mean that the threat is now gone. Though the adversary’s motive is still unknown, like in the previous leakage, the database’s mere existence is already an imminent danger to everyone. Free or paid apps can be used to check whether your email account has been compromised. Suspecting or not your account has been compromised, it is better to be proactive and perform recommendations reiterated above.