four questions on the distribution of a file containing several billion passwords


Billions of passwords in nature. Wednesday February 5, the specialized site BGR (link in English) announced that a “user data collection” had been uploaded. It may be, depending on the site, “Largest Compilation of Hacked User Credentials Ever Released Online”. It includes access to the professional social network LinkedIn or to the Netflix video platform. Here are four questions that arise in front of this information.

What happened ?

The leak concerns more than 3.2 billion email and password pairs, according to BGR. They have been combined in a file named “Comb” for “Compilation of Many Breaches”, or “compilation of numerous data leaks”. So this is not the result of a new hack, but rather “a merger of existing data that had been stolen in previous leaks from companies like Netflix and LinkedIn”, details the site.

What are the possible consequences?

The number of passwords revealed is impressive, but the leak will undoubtedly have less impact than it seems. “It’s quite common in the community. On specialized forums, hackers publish messages to claim that they are in possession of a certain number of identifiers. In reality, they are often impostors, people looking to make money by selling old leaks bundled together and made up to make them look like new “, explains a cybersecurity researcher at Europe 1.

It is therefore possible that a large part of this data is old and the passwords contained in the file are no longer up to date. However, hackers may attempt to use credentials in this file to access other accounts, for example, by testing credentials found during a Netflix leak on platforms like Gmail, Facebook or Amazon. .

How do I know if my login details are included?

The CyberNews site has set up a search engine that references the identifiers that have been leaked. There are currently 15,212,645,925 endangered accounts and 2,563,218,607 email addresses. You just have to go to this page (in English) and enter your email address to find out if your credentials have been revealed during hacks.

What to do now ?

Regardless of the search engine’s response, CyberNews invites all of its readers to change their password habits online. The site lists two tips: using a password manager, which generates complex combinations and remembers them, and using two-factor authentication, which verifies the user’s identity in pairs. different means, with an additional SMS or email for example.

If these methods seem too complex to implement, consider incorporating special characters, capitals and numbers into your passwords, not using a single code for all your online accounts and changing them. regularly.


Leave a Reply

Your email address will not be published. Required fields are marked *