In cybersecurity, a "combolist" is a text file containing lists of login credentials stolen from previous data breaches [1, 2]. This specific list is marketed or shared in underground forums with several key characteristics:
: This label suggests the data has been "cleaned" or "refined" to remove duplicates or junk data, making it more effective for automated attacks [3]. In cybersecurity, a "combolist" is a text file
: Use services like Have I Been Pwned to see if your email is part of this or other known breaches [1]. : An attacker loads the 1
: An attacker loads the 1.39M credentials into a "checker" or "sentry" bot [2]. complex passwords for every site [6].
: Never reuse passwords between services. Use a dedicated password manager to generate unique, complex passwords for every site [6].
: Enable hardware-based (YubiKey) or app-based (Google Authenticator) MFA. Avoid SMS-based MFA, as it is vulnerable to SIM swapping [7].