In one of the biggest data dumps of leaked usernames and passwords, a whopping 3.28 billion passwords linked to 2.18 billion unique email addresses were revealed.
Furthermore, the leak contains 1,502,909 passwords associated with email addresses from government domains around the world, with the United States accounting for 625,505 of the leaked passwords, followed by the United Kingdom (205,099), Australia (136,025), Brazil (68,535), and Canada (50,726).
The study is based on an examination of a huge 100GB data collection named “COMB21” — aka Compilation of Many Breaches — that was made public for free in an online cybercrime forum earlier this February by combining data from numerous data breaches of various organisations over the years.
It’s important to note that a leak does not mean a security breach in public administration systems. After being stolen, the passwords were allegedly obtained using methods such as password hash cracking, phishing attacks, and eavesdropping on vulnerable, plaintext connections.
As stated by CyberNews, this leak also includes 13 credentials linked to emails from the Oldsmar water plant in Florida. However, there is no proof that the compromised passwords were used to carry out the February cyberattack. Just 18,282 passwords from Chinese government domains and 1,964 passwords from Russian government domains were exposed.