Anti Public

In December 2016, the cybersecurity landscape was jolted by the emergence of the Anti Public Combo List, a massive compilation of over 457 million unique email and password pairs. Unlike a breach stemming from a single source, this dataset was an aggregation of credentials from numerous previous breaches, including those affecting major platforms like Adobe, Dropbox, LinkedIn, and Yahoo. The list was widely circulated on hacker forums and dark web marketplaces, making it a readily accessible tool for malicious actors.

The Anti Public Combo List became a primary resource for credential stuffing attacks. In these attacks, cybercriminals use automated tools to test stolen email-password combinations across various websites, exploiting the common practice of password reuse among users. The widespread availability of this list significantly lowered the barrier to entry for such attacks, posing substantial risks to individuals and organizations alike.

An analysis by Duo Labs revealed that while 70% of the passwords in the list contained at least one number, indicating a slight improvement in password complexity, only 6% included uppercase letters and a mere 4% had symbols. This underscores the persistent issue of weak password practices among users, despite ongoing awareness efforts .​

The Anti Public Combo List is often mentioned alongside other massive data compilations, such as the Exploit.in list and the Breach Compilation, which collectively encompass billions of credentials. These compilations highlight the cumulative effect of multiple data breaches and the importance of robust cybersecurity measures to protect personal information .​

Data Included in the Breach