In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password.
Fields count statistics
Numbers may not be precise, a precision threshold of 100 is used to determine if a field is unique.
password.plain top values
domain top values
Only the top 100 values are displayed in the chart.
Values with less than 100 occurrences are not displayed.
Values with less than 100 occurrences are not displayed.