After one of the biggest leaks of passwords dubbed “COMB21”, Brazilian security firm Syhunt has recommended, among other things, that:
- Innovations in the field of authentication should be supported, pursued & put in place.
- Multi-factor authentication (MFA) & tokens, more than ever, should be widely encouraged.
- The replacement of broken password hashing (MD5, SHA1 etc) should be more aggressively pursued through source code analysis, deprecation (SAST) & additional means.
- Users should be advised not only to change existing passwords, but to completely break with password naming habits & patterns when changing a password. They should be encouraged & assisted to adopt strong passwords more than ever.
The Syhunt Team following customer & media requests, it had analyzed the COMB21, the biggest known compilation of password leaks published on Feb 2, 2021 by a hacker on the same Internet forum that last month hosted links & information about the mega leak of Brazilian data.
The team concluded that not only the leak exposes current & past passwords, but gives insight on key password elements & patterns, & reuse & changing habits of individuals & organizations from all around the world “in a dangerous & unprecedented way: in many cases, between 3 to 30 passwords linked to an unique email were exposed, which gives insight on a person’s password changing habits. And when a password repeats with an identical username at multiple domains, someone with password reusing habit is exposed.”
In the new development, a staggering total of 3.28 billion of passwords were exposed, linked to 2.18 billion unique emails, compiled into a single file & published through a link on the forum. This time the leak was fully published for free & the archive is being actively shared among hackers and cybercriminals in the form of a single, 7zip compressed archive.
For more on COMB21, click here.
Image credit: Syhunt