A combolist is a plain-text document containing a compilation of usernames (often email addresses) and their corresponding passwords. These lists are typically formatted as email:password.
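The `email:password` layout described above is what a defender parses when checking a leaked list for their own organization's accounts. The following is an added example, not part of the original page: the function name `triage`, the monitored domain `example.org` and the sample lines are all constructed assumptions, and the secrets are never stored or returned.

```python
import re
from collections import Counter

# Constructed sample lines; every address and secret here is fabricated.
SAMPLE = """\
alice@example.org:Winter2020!
BOB@Example.org:pa:ss:word
carol@other.test;hunter2
not-a-credential-line
dave@example.org:
alice@example.org:Summer2021
"""

# Local part, "@", domain, then the FIRST ":" or ";" as the delimiter.
# Everything after that delimiter is the secret, so colons inside it are kept.
LINE_RE = re.compile(r"^([^\s:;@]+)@([^\s:;@]+\.[^\s:;@]+)[:;](.*)$")

def triage(text, monitored_domains):
    """Return (accounts to reset, per-domain line counts, skipped line count).

    Only the presence of a secret is checked; its value is discarded.
    """
    monitored = {d.lower() for d in monitored_domains}
    exposed, per_domain, skipped = set(), Counter(), 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            skipped += 1          # malformed line: count it, do not guess
            continue
        local, domain, secret = m.group(1), m.group(2).lower(), m.group(3)
        per_domain[domain] += 1
        # An empty secret means no usable credential was listed on this line.
        # Assumption: mailboxes are treated case-insensitively for de-duplication.
        if domain in monitored and secret:
            exposed.add(f"{local.lower()}@{domain}")
    return sorted(exposed), dict(per_domain), skipped

if __name__ == "__main__":
    accounts, counts, skipped = triage(SAMPLE, ["example.org"])
    print("force reset:", accounts)
    print("lines per domain:", counts)
    print("unparseable lines:", skipped)
```

The returned account list is what feeds a forced password reset and MFA enrollment check; the per-domain counts are the kind of metadata that can be reported without handling any password.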
Never reuse passwords. A password manager can help you generate and store complex, unique credentials for every site.
Use Strong, Unique Passwords: Ensure all your online accounts have strong, unique passwords. This makes it harder for attackers to gain unauthorized access using a combolist.
2. Introduction
- Background: Credential stuffing attacks have surged, responsible for billions of unauthorized login attempts annually.
- Problem: Combolists are the primary ammunition for such attacks, yet their structure and labeling (e.g., by country, source "HQ," and releaser handle like "ShroudZero") are understudied.
- Research Question: What can file metadata and naming conventions of combolists reveal about the threat actor’s methods, target priorities, and the broader illicit credential market?
- Ethical Note: This paper does not contain, reproduce, or verify any real compromised passwords. Analysis is limited to publicly observable metadata and cybersecurity literature.
Enable MFA: Even if an attacker has your correct email and password, MFA provides a critical second layer of defense that is much harder to bypass.
Monitor Account Activity