- Aug 2, 2020
A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords.
In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the U.K (205,099), Australia (136,025), Brazil (68,535), and Canada (50,726).
The findings come from an analysis of a massive 100GB data set called "COMB21" — aka Compilation of Many Breaches — that was published for free in an online cybercrime forum earlier this February by putting together data from multiple leaks in different companies and organizations that occurred over the years.
It's worth noting that a leak doesn't imply a breach of public administration systems. The passwords are said to have been obtained via techniques such as password hash cracking after being stolen or through phishing attacks and eavesdropping on insecure, plaintext connections.
1.5 million credentials associated with government domains have been discovered in 3.2 billion leaked email and password dumps.