Technology
cybersecurity

PWCOMB21 leak sees 1,921 stolen passwords from .gov.ph sites among 3.28B total

Victor Barreiro Jr.
PWCOMB21 leak sees 1,921 stolen passwords from .gov.ph sites among 3.28B total
The 3.28 billion passwords – linked to 2.18 billion unique emails – are compiled into one 18.6 gigabyte file, then published for free

On February 2, some 3.28 billion passwords were published on a forum online, now collectively called the PWCOMB21 (Password Compilation Of Many Breaches Of 2021) leak. In the analysis of the leak by Brazilian network security company Syhunt, published Monday, April 26, it was revealed that 1,921 Philippine government passwords were part of the compilation.

The 3.28 billion passwords – linked to 2.18 billion unique emails – were compiled into one 18.6 gigabyte file, then published for free. Syhunt scanned the entire archive for the purpose of releasing a report.

The archive, Syhunt’s analysis says, is “being actively shared among hackers and cybercriminals in the form of a single, 7zip compressed archive.”

Based on the Syhunt report, 1,921 passwords from domains using .gov.ph were affected. This is a small fraction of over 1.5 million .gov-related passwords in the data leak, but many more Filipinos may be affected as the analysis does not include specific location information from international emails like Gmail.

The analysis added the United States was seemingly the worst hit, with 625,505 .gov passwords exposed and at least 2.78 million .us domain passwords exposed.

Syhunt believes the PWCOMB21 leak is made up of a compilation of leaks, meaning the file was built up from “multiple leaks in different companies and organizations that happened over the years.”

The analysis added “a significant number of leaked passwords appear to originate from breaches that affected other companies and websites that simply allowed to create accounts linked to user emails. This means services like LinkedIn among other social networks, and multiple other Internet websites” were not referenced in the overall total.

Among their recommendations is that users should not only change their passwords, but also “completely break with password naming habits and patterns when changing a password. They should be encouraged and assisted to adopt strong passwords more than ever.”

The full report is available on Syhunt’s website here. – Rappler.com

Add a comment

There are no comments yet. Add your comment to start the conversation.

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.
More from Victor Barreiro Jr.

cybersecurity