Threat IntelligenceApr 2, 2026
‼️ A threat actor leaked a 1.4TB "private" combolist containing URL-LOG-PASS credential data. htt...
Threat actor leaks 1.4TB combolist with URL-username-password credential data.
Summary
A threat actor has publicly released a 1.4TB credential combolist containing URL-LOG-PASS format data (website URLs paired with usernames and passwords). This type of leak typically aggregates credentials from previous breaches, data dumps, or credential stuffing operations. The massive scale and public release pose significant risk for widespread account compromise and further credential abuse attacks.
Indicators of Compromise
- malware — combolist
Entities
Unknown (leaked via threat actor) (threat_actor)