Hackers have just put online a database of 3,2 billion stolen accounts. Called COMB, this leak is one of the most massive in recent years. It is possible to check the presence of your email in the file. Here's how to tell if your security is at risk.
Our colleagues from CyberNews have just put online one of the largest databases with stolen login and password pairs during various attacks from companies like Netflix and LinkedIn. Called COMB for Compilation of Many Breaches, this data leak is therefore not the result of an unprecedented hack, but compiles many past hacks - without giving the details of these hacks. Among the biggest hacks of recent years, we remember in particular:
- Adobe (October 2013, 153 million accounts)
- Adult Friend Finder (October 2021, 412,2 million accounts)
- Canva (May 2021, 137 million accounts)
- eBay (May 2021, 145 million accounts)
- Equifax (July 29, 2021, 147,9 million accounts)
- LinkedIn (2012 and 2021, 165 million accounts)
- Marriott International (2021-2021, 500 million accounts)
- My Fitness Pal (February 2021, 150 million accounts)
- MySpace (2013, 360 million accounts)
- NetEase (October 2021, 235 million accounts)
- Sina Weibo (March 2021, 538 million accounts)
- Yahoo (2013-2021, 3 billion accounts)
CyberNews has built a search around the leak to check, much like the HaveIBeenPwned site, if your email is part of the leak. For security purposes, the search engine does not tell you exactly which account is affected - and only recommends that you change all the passwords associated with your email address.
Also read: Here are the top 200 worst passwords of 2021
How to tell if your account is part of the massive leak
For it :
- Click here to access the COMB database (via CyberNews)
- Enter your email address in the search field
- Press the green button CHECK NOW
- A message tells you if your email address is present in the database or not, and invites you to change your passwords if necessary
Note that there are also two other very comprehensive databases: HaveIBeenPwned and HPI identity Leak Checker from the Hasso-Plattner-Institut. It is recommended to also verify the presence of your email address in these reputable databases which are maintained by security researchers. We underline it, in no case do these sites reveal any clear information such as the password associated with your address. These sites are simply built to tell you whether or not your email address is part of the password leak.
Of course, you are strongly advised not to take the presence of your email in one of these databases lightly. Access to one of your accounts, whether it is a social network account, that of your email address, or a service related to your business can give hackers access to extremely sensitive data or systems. . And if your data is in these databases, it may mean that malicious actors can exploit it. Recently, for example, a hacker managed to hack the water supply of a city in Florida and tried to poison it by taking control of the water authority and adding disinfectant to levels dangerous for health. human.
The story does not say exactly, but this type of fraudulent access is often the result of hacking into employee accounts. So how can you better protect yourself?
- Change passwords regularlye - follow our advice to choose more secure passwords
- Avoid using the same password on multiple accounts, even if it seems safe to you
- Generate and manage your passwords with a manager like 1Password or LastPass
- Enable two-factor authentication on sites and services that allow it
- Protect your accounts most sensitive with a FIDO physical security key
- Share
- Tweet
- Share
- Envoyer à un ami
