3.28 billion passwords linked to 2.18 billion unique email addresses were exposed which is considered to be one of the largest data dumps of breached usernames and passwords.

Besides, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the U.K (205,099), Australia (136,025), Brazil (68,535), and Canada (50,726).

The findings came after the analysis of a massive 100GB data set called “COMB21” — aka Compilation of Many Breaches — that was published for free in an online cybercrime forum earlier this February by putting together data from multiple leaks in different companies and organizations that occurred over the years.

A leak does not mean a breach of public administration systems. The passwords are said to have obtained through techniques such as password hash cracking after being stolen or through phishing attacks and eavesdropping on insecure, plaintext connections.

The top 10 U.S. government domains affected by the leak include

  • State Department – state.gov (29,144)
  • Veterans Affairs Department – va.gov (28,937)
  • Department of Homeland Security – dhs.gov (21,575)
  • National Aeronautics and Space Administration – nasa.gov (15,665)
  • Internal Revenue Service – irs.gov (10,480)
  • Center for Disease Control and Prevention – cdc.gov (8,904)
  • Department of Justice – usdoj.gov (8,857)
  • Social Security Administration – ssa.gov (8,747)
  • U.S. Postal Service – usps.gov (8,205), and
  • Environmental Protection Agency – epa.gov (7,986)

This leak also includes 13 credentials linked to emails of the Oldsmar water plant in Florida. But there is no evidence that the breached passwords were used to perform the cyberattack in February.

In contrast, only 18,282 passwords related to Chinese government domains and 1,964 passwords from those related to Russia were laid bare.

Syhunt Founder and Chief Visionary Officer (CVO) Felipe Daragon states that it is an indication that the passwords in these countries, made up of local alphabets, are less targeted by hackers. It is an unexpected layer of protection in relation to the Roman alphabet.

The post 3.2 billion leaked passwords contain 1.5 million records with government emails first appeared on Cybersafe News.

You May Also Like

Lessons learned from the ANPR data leak that shook Britain

On April 28, 2020, The Register reported the massive Automatic Number-Plate Recognition…

Did Facebook’s business model make the company an easier target for cybercriminals?

Facebook co-founder, Chairman and CEO Mark Zuckerberg arrives to testify before the…

How Russian created a deepfake video of Ukrainian president Volodymyr Zelenskyy telling its citizens to lay down arms

During the latest hours, a deepfake video in which Ukrainian President Volodymir…

Big electric company loses all customers records and bills from the last 25 years after massive hack

The Delta-Montrose Electric Association (DMEA), the Colorado state electric power company, is…