Nearly 3.28 billion passwords linked to 2.18 billion unique email addresses have just been exposed online. This represents one of the biggest dumps of user data of all time.
The leak includes 1,502,909 passwords associated with government domain email addresses around the world, with the US government alone accounting for 625,505 exposed passwords, followed by the UK with 205,099 passwords, Australia (136,025), Brazil (68,535), and Canada (50,726).
This impressive but sad record comes from the analysis of a huge data set of over 100 GB called “COMB21” (Compilation of Many Breaches), a dump posted for free on an online forum discussing cybercrime in early February of this year. It gathers data from several leaks at different companies and organizations.
As TheHackerNews points out, this leak did not involve a breach of the American, British, Australian, Brazilian, and Canadian public administration systems. Presumably, these passwords were obtained through techniques such as phishing attacks or eavesdropping on insecure connections.
Our colleagues also indicate that many American government institutions have been affected by this leak. These include the Department of State (state.gov), the Department of Veterans Affairs, the Department of Homeland Security, the National Aeronautics and Space Administration (NASA), the Internal Revenue Service, the Department of Justice, the Social Security Administration, and the United States Postal Service.
Interestingly, only 18,282 passwords linked to Chinese government domains and 1,964 passwords linked to Russia were exposed by hackers. Of course, users who have had their information exposed are strongly advised to quickly change their existing passwords. If you are in doubt, you can always check if your email address is part of the bundle at https://haveibeenpwned.com.