A database containing 3.2 billion identifiers and passwords linked to Gmail, Hotmail, LinkedIn or even Netflix accounts was recently shared on forums dedicated to hacking.

However, this is not a massive leak, but a compilation of data that has been online for several years.

DECRYPTION

Billions of records stolen, then compiled.

3.2 billion usernames and passwords associated with Gmail, Hotmail, LinkedIn or even Netflix accounts were aggregated in a database, then shared on forums dedicated to hacking, reports the British online newspaper BGR.

The information is however less alarming than it seems.

Indeed, these billions of identifiers were not recovered via a single breach but gleaned from various forums, where data has been accumulating for several years.

"Most of the data actually dates from 2017," explains a cybersecurity researcher contacted by Europe 1. He adds: "There is no cause for alarm."

Partly obsolete data

The new database has been dubbed COMB, for "Compilation of Many Breaches".

"It is quite common in the community. On specialized forums, hackers publish messages claiming that they are in possession of a certain number of identifiers. But in reality they are often impostors, people who seek to make money by reselling old leaks grouped together and made up to give the impression that they are new," continues this researcher.

Some of this data is also likely to be obsolete since users, often warned by the platforms at the time of the leak, had plenty of time to change their password. 

A risk remains despite everything.

"By cross-checking the archives for accounts created with the same email address, the hackers behind this file were able to decipher hitherto hidden passwords."

In other words, if the same address corresponds to a Gmail account in one file where the passwords are visible and to a Netflix account in another where the passwords are encrypted, the hackers will cross-reference the two in the hope that the user has used the same password twice.

Beware of using a single password

"This brings the problem of unique passwords back to the table. If you use the same password for all your accounts, you expose yourself. Too many people are not careful and hackers take advantage," said the researcher.

As a reminder, changing a digit, switching a lowercase letter to uppercase or adding a symbol does not make a big difference for hackers.

A single hacked account is always enough in this case to be seriously exposed. 
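The point above about small variations, shown from the defender's side as an added example (not from the original article): a password-change check that rejects a new password when it differs from an already exposed one only by digits, letter case or symbols. The function names, the `MIN_BASE_LEN` threshold and the sample passwords are constructed for illustration.

```python
import unicodedata

MIN_BASE_LEN = 4  # assumption: shorter letter-only bases are too generic to compare


def base_form(password: str) -> str:
    """Undo the three tweaks the article lists: keep letters only
    (drops digits and symbols) and fold letter case."""
    text = unicodedata.normalize("NFKC", password).casefold()
    return "".join(ch for ch in text if ch.isalpha())


def is_trivial_variant(candidate: str, exposed: str) -> bool:
    """True if candidate equals exposed, or differs from it only by
    digits, letter case or symbols."""
    if candidate == exposed:
        return True
    a, b = base_form(candidate), base_form(exposed)
    if len(a) < MIN_BASE_LEN or len(b) < MIN_BASE_LEN:
        # Mostly digits/symbols: the letter base carries no signal,
        # so only the exact match handled above counts.
        return False
    return a == b


def review_new_password(candidate: str, exposed_passwords: list[str]) -> list[str]:
    """Return the exposed passwords that candidate is a variant of.
    An empty list means the candidate passes this check."""
    return [old for old in exposed_passwords if is_trivial_variant(candidate, old)]


# Constructed sample: passwords already exposed for one account.
EXPOSED = ["Sunshine2017", "8412-7731"]

if __name__ == "__main__":
    attempts = ["sunshine2021!", "SUNSHINE_17", "8412-7731",
                "correct horse battery staple"]
    for attempt in attempts:
        hits = review_new_password(attempt, EXPOSED)
        print(f"{attempt!r}: {'reject' if hits else 'accept'}")
```

A check like this runs at password-change time, when the service already holds the submitted passwords in memory; it complements, and does not replace, a lookup of the exact password against known breach data.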

To allow Internet users to know if one of their accounts appears in this new database, the BGR newspaper has created a dedicated search engine.

You'll find it here.