COMB data breach

3.2 billion credentials (emails and passwords) rinsed up, cleaned out and COMBed

on 18th February 2021

Authlogics detect shared and breached passwords offering priority protection

BRACKNELL 18th FEBRUARY 2021 – The COMB (Compilation of Many Data Breaches) data breach consists of many previous data breaches that include large companies like LinkedIn, Hotmail, and Netflix culminating in over 3.2 billion compromised credentials (emails and passwords) being reported. The victims of this breach will be those that have used the same password across multiple accounts, therefore, exposing corporations to cyberattacks and becoming targets themselves of future phishing attacks, credential stuffing, and threat actors with the leak of individuals’ email addresses and shared passwords. This breach is extremely dangerous as included with the data is a basic lookup tool to make it easier for bad actors to look up specific email addresses and target victims quickly.

With 70% of online users around the world being at risk, Authlogics, recently awarded Best Password Compliance Specialist – Global, have reacted with great speed to process the new data into the Authlogics Password Breach Database that already holds over 2 billion credentials and 520 million breached clear text passwords.

Authlogics prioritize their customers and have already uploaded the compromised credentials within this data breach of their existing customers, while the vast amount of remaining data is being processed as quickly as possible. Authlogics processed 3.4 million credentials of their customers providing them with priority protection within 12 hours. This means that Authlogics Password Security Management customers can automatically force their users to change their passwords if they have been compromised.

The statistics from processing the 3.4 million priority customer records:

  • 2 million were already in the Breach Database (94% existing coverage).
  • 190,442 new passwords for previously breached email addresses.
  • 38,936 new passwords with new email addresses.
  • 134,157 new unique clear text breached passwords.

The initial breach purported to contain 3.2 billion records, however once the duplications, non-valid email addresses, blank passwords, and hashed passwords were removed from the data dump, it left “only” 2.5 billion valid credentials to be reviewed. Authlogics will release more statistics about the remaining data once the processing has completed.

With award-winning technologies, Authlogics have the unique functionality embedded within the Password Security Management that detects shared and breached password through the Password Breach Database and offers real-time retrospective protection by forcing password change and disabling breached accounts.  The PSM also benefits from matching breached social media and public accounts with users credentials when compromised.

Technical Security Architect, James Westgate, was involved with processing the data and confirmed “all of our customers and other domains in the Password Security Portal had their details loaded into our database to assess their credentials. PSM customers can be assured that their domains are protected from now, with password change requests applied.  All affected customers will have received priority notification.”

Authlogics CEO, Steven Hope, explains “Uploading such a large breach data dump is time-consuming and complex, given the detailed way we process it, however the end result is extremely beneficial for our customers highlighting the behaviour and risks of their users. Situations like this prove why our data processing methodology of prioritising data that affects our customers is so important.”

If you are concerned that your corporate credentials have been compromised, check the Authlogics Password Breach Database to find out. Authlogics also provides comprehensive password security audits and risk reports for enterprises looking to validate whether their corporations have been exposed.

About Authlogics

Authlogics are global market leaders, in password compliance and user authentication, providing a complete end-to-end authentication solution that is quick to deploy and easy to use. Authlogics offer secure Password Security Management and Multi-Factor Authentication to enable the end-user to migrate to a passwordless login. The company focuses on:

  • Reducing the complexity of existing passwords
  • Ensuring regulatory compliance
  • Removing risk and replacing passwords
  • Providing passwordless and deviceless login options

From its unique password compliance solution through to the award-winning multi-factor authentication technologies, Authlogics allow users to operate in a completely passwordless environment, whether on mobile, desktop, or cloud, with a simple and memorable login experience.

 

www.authlogics.com

+44 1344 568900 (UK / MEA)

+1 408 706 2866 (US)

info@authlogics.com

in Customer Experience, Data Breach, Password, Security
tags: , , , , , , ,

Leave a Reply