What’s a "Combo List", and why is this site providing them for free?
The other day I got linked to this: https://combo-list.com/ This is a very strange "blog" which seems to be regularly publishing (or linking to, rather) lists of e-mail addresses which have supposedly been leaked in data breaches.I do noy have any interest in the passwords, but it seems to also include those. I'm not sure if those are really the passwords to the e-mail accounts, or passwords for something else al together.
I have nothing to do with using somebody else's e-mail account.
They don't mention what a "combo list" is, and I cannot figure this out from searching or thinking. It seems like the blog assumes that everyone knows what it is. I also believed it to be a fake site at first, but eventually did manage to download a list, and it appeared real. But then again, we don’t know what kind of information really is in those lists? I wonder why anyone would run such a site, and regularly update it. Why would they give out this info to the public like this? What's in it for them? Why would they want more spammers to send e-mails to these victims of data breaches?
Combo acronym for combination, so combo lists are lists containing combinations of usernames/emails and passwords. They are used for bruteforce attacks. The benefit when we compare combo list to separate username and password lists is that combo lists are expected to contain a higher probability of success. They may let’s say stem from data leaks or successful bruteforce attacks from earlier. The idea is that they (used to) work on some websites, and because users reuse passwords, they may work on other sites as well. Why would they give out this info to the public like this? What's in it for them?
Why do people share anything with others? Fame, recognition, helpfulness, money (via ads), boredom? Why would they want more spammers to send e-mails to these victims of data breaches? It's not so much about spamming (lists of email addresses would be enough for that), but about them obtaining access to other users accounts. For example, to gain free stuff (say a netflix account) or for more nefarious purposes (stealing money, credit cards, etc). Defining Combo list
A combo list is a text file that contains a list of leaked usernames and passwords in a specific format. The passwords are usually obtained from different breaches and collectively stored within a file. These files may be fed into automatic brute-forcing tools that test multiple credentials on different accounts or website logins until a match is found.