TheCyberHub

3.2 Billion leaked credentials aka. COMB – CompilationOfManyBreaches database

January 16, 2024 | by thecyberhub.net


First of all, what is COMB?

The COMB (Compilation of Many Breaches) database is a collection of more than 3.2 billion unique email and password pairs that were compromised in various data breaches. The database was first discovered in February 2021, and it contains data from breaches that have occurred over the years, including well-known breaches such as LinkedIn, Dropbox, and Adobe.

The COMB database differs from other databases of compromised credentials in that it consolidates data from multiple breaches into a single searchable database. This makes it particularly valuable to cybercriminals, as it allows them to easily find valid username and password combinations for a large number of accounts across multiple platforms.

It’s important to note that the COMB database does not contain any new data breaches, but rather a compilation of data that has already been exposed in previous breaches. Nevertheless, the database poses a significant threat to individuals and businesses alike, as cybercriminals can use this information to carry out credential stuffing attacks, where they use automated tools to test the stolen credentials against various websites and services in an attempt to gain unauthorized access.

If you suspect that your email or password has been compromised, you should change your password immediately, enable two-factor authentication on all your accounts, and monitor your accounts for any unusual activity.

1. Prerequisites

Since the query.sh script is written in bash, you’ll need to be on a UNIX system or using WSL for Windows.

You’ll need the original COMB 7zip archive, and to have h8mail installed.

h8mail is a tool for finding compromised email addresses and their passwords from these data breaches. When you combine this tool with others such as TheHarvester or the crosslinked tool, you can harvest email addresses from an organization and then test to see if they have been compromised.

How to install h8mail:

https://github.com/khast3x/h8mail/wiki/Install

Finding the COMB

I’m not going to link the database, but it should be fairly easy to find using GitHub, Reddit and other online resources.

In most cases the same password is used for decryption across different download mirrors.

Unpack the COMB database:

# > bash
# > apt install p7zip-full
> 7z x CompilationOfManyBreaches.7z -p"+w/P3PRqQQoJ6g"
> ls -la CompilationOfManyBreaches/

2. Search for compromised emails

> h8mail -t test@example.com -sk -bc ./CompilationOfManyBreaches/

3. Search for domain users

> h8mail -t example.com evilcorp.com -sk -lb ./CompilationOfManyBreaches/ --loose
> h8mail -t "Yourefired" "Another_s3cretP@ss" -sk -lb ./CompilationOfManyBreaches/ --loose
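For remediation, the useful output of a domain search is the list of affected accounts, not the passwords themselves. The following is an added example, not part of the original post or of h8mail: it reduces breach-style lines for your own domain to a reset list that contains no cleartext. It assumes a text layout of `email:password` or `email;password` per line; the function name `triage` and the sample lines are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample lines in the assumed "email<sep>password" layout.
SAMPLE_LINES = [
    "alice@example.com:Summer2019!",
    "alice@example.com:Summer2019!",    # exact duplicate across breaches
    "Alice@Example.com;hunter2",        # same user, different case and separator
    "bob@mail.example.com:qwerty",      # subdomain of the audited domain
    "carol@notexample.com:letmein",     # lookalike domain, must not match
    "dave@example.com",                 # malformed: no separator
    "erin@example.com:",                # malformed: empty password
]

# local-part @ host, one separator (: or ;), then a non-empty password.
LINE_RE = re.compile(r"^([^\s:;@]+)@([^\s:;@]+)[:;](.+)$")


def triage(lines, domain, include_subdomains=False):
    """Return {address: count of distinct leaked passwords} for one domain.

    Passwords are only kept as SHA-256 digests for de-duplication, so the
    result can go into a ticket or report without carrying cleartext.
    """
    domain = domain.lower()
    seen = defaultdict(set)
    for raw in lines:
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip malformed lines instead of guessing
        local, host = match.group(1).lower(), match.group(2).lower()
        exact = host == domain
        sub = include_subdomains and host.endswith("." + domain)
        if not (exact or sub):
            continue  # exact host comparison keeps lookalike domains out
        digest = hashlib.sha256(match.group(3).encode("utf-8")).hexdigest()
        seen[f"{local}@{host}"].add(digest)
    return {addr: len(digests) for addr, digests in sorted(seen.items())}


if __name__ == "__main__":
    report = triage(SAMPLE_LINES, "example.com", include_subdomains=True)
    for addr, count in report.items():
        print(f"{addr}\t{count} distinct leaked password(s)\treset + enforce 2FA")
```
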
