• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 16th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News
Leaks

Anti Public Combo List with Billions of Accounts Leaked

May 5th, 2017 Waqas Hacking News, Leaks 0 comments
Anti Public Combo List with Billions of Accounts Leaked
Share on FacebookShare on Twitter

There are so many data breaches these days that it’s almost impossible to keep a track of them. From billions of Yahoo accounts to millions of LinkedIn and MySpace accounts the whole thing is out of control.

But then there are people dedicating time to track large-scale breaches. One of them is Troy Hunt from Australia whose running Have I been pwned (HIBP) platform and has recently discovered two different “combo lists” containing 593,427,119 and 457,962,538 = 1,051,389,657 user login credentials.

According to Hunt blog post,

  • “In December 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Anti-Public”. The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. The information was just recently released and I was one of the victims, so I thought I would share with everyone. Stay safe online everyone. Change your passwords often!”

Screenshot shows the leaked data Hunt got his hands on

While discussing the second list Hunt said that: 

  • “It’s a collection of 111 text files totaling just over 24GB. It’s the same deal as Anti-Public in that it’s just masses of email address and password pairs. By virtue of my own unfortunate inclusion there, I also know that it absolutely, positively contains accurate credentials (I’m sure mine is not the only correct one). Furthermore, it contains data that’s not in either the Anti-Public list or in HIBP. It also has 593,427,119 unique email addresses. Crikey. I was conscious that there could be a great deal of crossover between the two lists so I joined them together and found that “only” 222 million of the accounts were common so in other words, 63% of the accounts in Exploit.In were not in Anti-Public (I’ll know how many were already in breaches in HIBP once I load the data). So between the two lists, that’s a total of 1,051,389,657 accounts which means a size increase in HIBP of 39% by record count and brings the service up to 3.75 billion records in total.”

For now, Hunt has uploaded over 1 billion breached accounts on HIBP containing collections of email addresses and passwords from around the world, the authentication of which has been confirmed by Hunt himself. Although unconfirmed yet, it seems like the hackers, scammers, and cybercriminals developed these lists from various systems and previous large-scale data breaches including VerticalScope, MySpace, LinkedIn, Twitter, Dropbox, Yahoo, Tumblr and Adobe Systems etc.

Hunt has also revealed, “75.78% of the leaked addresses were already in HIBP database.” This means the lists were defiantly developed with the help of previous data breaches. As a security journalist, I can confirm my personal email account is also on the list.

1 billion new records in @haveibeenpwned from different unknown sources.Lot of people will be notified they're pwned https://t.co/qDkz7t3IbR

— John Opdenakker (@j_opdenakker) May 5, 2017

Meanwhile, we highly recommend visiting Hunt’s post here and his Have I been pwned (HIBP) platform to check whether your email is on the list. If it is, change its password right now and also use a password manager to get hold of a strong password. Furthermore, make sure you are not using the same password on other sites but if you are; make sure to change all passwords before it’s too late. 

Remember, hackers, scammers, and cyber criminals can conduct identity theft scams, social engineering attacks and even steal your banking details using your personal data. 


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • breach
  • Cyber Crime
  • Data
  • hacking
  • internet
  • LEAKS
  • Password
  • Privacy
  • Scam
  • security
Facebook Twitter LinkedIn Pinterest
Previous article Bank Accounts Hacked Through a Vulnerability in The Global Mobile System
Next article Parents lose custody of kids after YouTube pranks
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
SolarWinds Hack - US officially Blames Russian Intel Agency Hackers

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers

ParkMobile parking app data breach - 21M user records stolen, sold

ParkMobile parking app data breach - 21M user records stolen, sold

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
2021 and Emerging Cybersecurity Threats
Security

2021 and Emerging Cybersecurity Threats

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers
Cyber Crime

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers

ParkMobile parking app data breach - 21M user records stolen, sold
Hacking News

ParkMobile parking app data breach - 21M user records stolen, sold

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us