Got Phishing Hooks? What You Need to Know about COMB

You may have heard about the mother of all data breaches over the past couple of days. More than 3.2 billion email-password pairs were posted online. That’s bigger than the Yahoo compromise last year, which exposed a billion users.

The trove is being dubbed COMB, short for Compilation of Many Breaches. The name explains the situation fairly well. There’s no real news here. The posting of COMB is really only meaningful if you’re an identity thief, since it provides a great one-stop-shopping experience for every stripe of identity-related crime.

Why It Matters:

The COMB post is just in time for opening day of fishing season, which starts of course on April Fool’s Day. Of course when it comes to getting hacked, phishing season is year-round.

The specific hooks right now are:

If you prepare your own taxes and you’re not using two-factor authentication on the service that you use, this is the year to set it up. The IRS now allows anyone to get a PIN code to securely file a return. Get yours as soon as possible.

There is nothing more romantic than meeting Mr. or Ms. Right on Valentine’s Day. During Covid that is most likely going to happen online. A catfisher with your email address might be able to lure you into a kind of “love” that costs you bigtime. Be extra careful.

With news of more transmissible strains of Covid-19 circulating, many scams could be afoot, ranging from vaccines, PCR and rapid testing information to contact tracing. Take your time with any emails about Covid-19. Think before you click.

Because the vaccine rollout has been anything but orderly, there’s a flood of vaccine related phishing emails going around. Be especially careful with any email about vaccination. If you are unsure about an email, it is a good idea to err on the side of caution. Online resources are the best place to get vaccine information.

COMB truly is the Wikipedia of all breaches and compromise. But while this warehouse approach to breach data makes phishing and other modes of targeting people convenient, you’re not any more exposed than you were before the revelation of this database. It’s all been “out there” a very long time.

The bottom line here is that If you’re like most people, your cyber hygiene could use some leveling up. At the very least, you should start paying extra attention to breach notifications, stop re-using passwords and choose new harder-to-guess credentials, enable two-factor authentication wherever possible and update your security software whenever a new patch is released.

Originally published at on February 8, 2021.




Founder, CyberScout. Co-founder,

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

What happens when you use internet

DynaSet Roll-Out Contribution

{UPDATE} Uberlay Hack Free Resources Generator

DevSecOps is a Must for Financial Services Organisations

Creating a Safer Virtual World for Female Founders

{UPDATE} Slots - Vegas Casino Jackpot Slot Machine Hack Free Resources Generator

{UPDATE} Block Puzzle Wood Hack Free Resources Generator

ESP32 Wi-Fi Controlling Devices

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adam Levin

Adam Levin

Founder, CyberScout. Co-founder,

More from Medium

2021 Indoor / 2022 Outdoor Season Reflections

Rockies Game Notes: May 14, 2022 vs. Kansas City

Tecware EXO L+ Mouse Review

A Cable Cutters Guide to Watching the 2022 Winter Olympics