We’ve been asked to provide our point of view regarding 4iQ’s recent article advertised as “Largest Credential Breach Exposure”. The eye catching beginning of the article can be seen here:
The short of the story is that 4iQ picked up a combolist. Research organizations find these lists in the Underground on a frequent and routine basis. Combolists are usually not that interesting from a security standpoint because they are full of duplicate records. In many cases, duplicates of duplicates of duplicates.
SpyCloud discovered this same combolist in late November. We compared it to our existing data set and originally discarded the majority of records in the combolist since they were already in our system – from the original breached sources. However, per customer request, we’ve decided to ingest the entire list. Since we mark each record with a sightings count, our customers will know clearly if this is a new record or a duplicate of a previous breach and can act accordingly.
If you would like to see if your credentials are in this combolist, you can activate a free individual account on our website. We provide free subscriptions to individuals – fully automated and secure, allowing you to see the full context that the threat actors have on you. In addition, we give you the ability to click on “sightings” so you can see how many times the credentials have been seen in prior breaches and more than likely where they originated.
Go to spycloud.com and click “TRY FOR FREE” to see your exposure for free. Follow the prompts to see the full details and our system will send you a verification message to your email address to ensure you own the email account in question. In addition, we will send an alert if your credentials are ever found floating around the underground in the future.