cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDefects
Community Champion

Compilation of Many Breaches (COMB)

More than 3 billion user credentials were just posted online as part of a data breach compilation that’s mind-boggling in its scale. This collection of user data is being called the COMB, or the “Compilation of Many Breaches.” This is not the result of a new breach - rather, it pulls together stolen user data from previous breaches of services like LinkedIn and Netflix.

 

Check you email here.

 

data breach.GIF

 

 

 

2 Replies
denbesten
Community Champion

Re: Compilation of Many Breaches (COMB)

Another useful technique is for to register your entire domain for notifications.  We have the notification emails sent directly to our IR team.  

CISOScott
Community Champion

Re: Compilation of Many Breaches (COMB)

Doing this will also allow yourself to find out how your users are misusing company email. I found users who were using their company email to register for things that the company did not want to be associated with. Some were innocuous but still not approved use of the company email system, i.e. dating websites, hobby websites, shopping websites, loyalty rewards websites, etc..

 

Whenever I got a hit on the domain email, I would go interview the user to see if they used the same passwords across multiple sites AND for the company login. I would also take them to the haveIbeenpwned website and have them check their personal emails for breeches as well. That way they would be aware which of their passwords were known and to not use them ever again.