ShellCodeX Breach Report
Anti Public Combo List Data Breach
Unverified
Passwords exposed
Accounts exposed
457,962,538
Breach date
16 Dec 2016
Added to tracker
04 May 2017
Data classes
2
What happened
In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
Exposed data
Email addresses
Passwords
Recommended actions
- Change your Anti Public Combo List password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Anti Public Combo List โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP