3.2 billion emails and passwords exposed online — what you need to know

News
By published

Big batch of stolen credentials

Businessman makes a phone call as the words 'Security Breach' pop up on his computer screen.
(Image credit: Rawpixel.com/Shutterstock)

A whopping 3.2 billion password-username pairs are up for grabs in an unnamed online hacking forum. But don't panic — the data is nothing new. It's a compilation of stolen credentials from dozens of old data breaches, some going back ten years.

That doesn't mean you shouldn't be aware that your old passwords are floating out there. Yes, your passwords, and ours too. Pretty much anyone who's ever created more than three online accounts has had a password compromised by now.

This new treasure trove of dusty old data was publicized by Lithuanian English-language website Cybernews, which says the compromised credentials are a mishmash of data from breaches at LinkedIn (2012, 117 million compromised accounts), Netflix (we don't actually remember any Netflix data breach) and others. 

We haven't seen the data ourselves, but we imagine that the massive Yahoo breaches of 2013 (3 billion) and 2014 (500 million) are probably in there somewhere. 

Cybernews said the database is being advertised as the "Compilation of Many Breaches (COMB)." It's in a password-protected container, and the data has been cleaned up, categorized and made searchable. The password to the container is available to authorized users of the hacker forum.

"Most of the contents are almost all publicly available," the poster who put up the link in the hacker forum writes in a screen grab captured by Cybernews. "All data is in an alphabetical tree-like structure," and "a query script is included."

The link poster said the total number of credentials amounted to 3.8 billion, but Cybernews got hold of the data and boiled it down to 3.2 billion after removing duplicates.

How you can minimize the damage from data leaks

So what do you need to do about this? You can use Cybernews' own data-leak checker, which claims to hold 2.5 billion compromised email addresses, to see if your email address is in the mix. 

You can also use Australian security researcher Troy Hunt's HaveIBeenPwned website, which checks both your email address and your password, but never at the same time. Odds are that at least one of your old passwords and some of your email addresses are in at least one of these databases. 

But overall, you need to observe a few simple rules.

1) Data breaches happen, and it's not your fault.

2) Don't reuse passwords. If you do, a data breach affecting one of your accounts will affect many others too.

3) Make all your passwords strong and unique.

4) Using one of the best password managers will make Rules 2 and 3 easy to follow.

See more Computing News
Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in News
Apple Watch Ultra 2
Apple Watch Ultra 3 just tipped for two major upgrades
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 25 (#653)
A first look at Amazon's Fallout TV series coming to Prime Video
‘Fallout’ season 3 plans are reportedly being made — while season 2 is still filming
Surface Laptop 7 from the front
Amazon just gave Surface Laptop 7 a 'frequently returned' label — here's what's going on
New emojis with iOS 18.4 beta release.
iOS 18.4 beta brings 8 new emoji to your iPhone — here's all the new options
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
More about online security
23andME box

23andMe has declared bankruptcy — here's how to delete your data now

A man filing his taxes electronically on a laptop

AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
Amazon Big Spring Sale phone deals.

Amazon Big Spring Sale: 17 best phone deals you can get right now
See more latest
Most Popular
Robert Pattinson in "Mickey 17" movie (2025)
5 top new movies to stream this week on Netflix, Prime Video and Disney Plus (March 25-31)
Apple Watch Ultra 2
Apple Watch Ultra 3 just tipped for two major upgrades
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 25 (#653)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #387 (Tuesday, March 25 2025)
Two members of our review team photographed during a pressure relief test on the Saatva Classic mattress, with one typing notes into a laptop and the other measuring the amount of sinkage caused by a 56lb cast iron weight being dropped into the middle of the Saatva Classic mattress
People with this bed type are most satisfied with their mattress — and it’s not what we expected
A first look at Amazon's Fallout TV series coming to Prime Video
‘Fallout’ season 3 plans are reportedly being made — while season 2 is still filming
New emojis with iOS 18.4 beta release.
iOS 18.4 beta brings 8 new emoji to your iPhone — here's all the new options
Surface Laptop 7 from the front
Amazon just gave Surface Laptop 7 a 'frequently returned' label — here's what's going on
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
half-life alyx
Latest Half-Life 3 rumors point to a 2025 release — and maybe pigs will fly