Combolist
Also known as: Combo list, Combo
A combolist is a compiled list of username/email and password combinations, aggregated from breaches and stealer logs, used to fuel credential-stuffing and account-takeover attacks. Combolists are traded widely and are a core commodity of the credential-theft economy.
What is a combolist?
A combolist (combination list) is a plaintext file of credential pairs — typically email:password or username:password — assembled from multiple sources including data breaches, phishing, and infostealer logs. They are shared and sold on forums and Telegram, often for little or no cost.
How combolists are used
Attackers feed combolists into credential-stuffing tools that test the pairs against many sites at scale. Because of password reuse, even a low success rate yields working accounts. Combolists derived from fresh stealer logs are more dangerous than old breach data because the credentials are more likely to still be valid.
VantaPrism focuses on the upstream source — fresh infostealer logs — so organisations can reset exposed credentials before they are aggregated into the combolists that drive credential-stuffing campaigns.
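For defenders triaging a recovered list, the sketch below parses the email:password format described above and reports which accounts at one domain need a reset. It is an added example, not VantaPrism's code; the sample lines are constructed, and `example.com` and the function names are assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample lines (not real credentials); example.com is the assumed org domain.
SAMPLE = """\
alice@example.com:Summer2023!
bob@other.test:hunter2
ALICE@Example.com:Summer2023!
carol@example.com:pa:ss:word
dave:letmein
malformed line without separator
alice@example.com:Winter2024?
"""

def parse_line(line):
    """Split one 'login:password' line; the password may itself contain ':'."""
    login, found, password = line.strip().partition(":")
    if not (found and login and password):
        return None                      # no separator, or an empty field
    return login.lower(), password       # logins compared case-insensitively

def exposed_accounts(text, domain):
    """Map each login at `domain` to the number of distinct passwords listed for it."""
    seen = defaultdict(set)
    suffix = "@" + domain.lower()
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        login, password = parsed
        if login.endswith(suffix):
            # Keep only a digest so the triage output never holds plaintext.
            seen[login].add(hashlib.sha256(password.encode()).hexdigest())
    return {login: len(digests) for login, digests in sorted(seen.items())}

if __name__ == "__main__":
    for login, count in exposed_accounts(SAMPLE, "example.com").items():
        print(f"reset {login} ({count} distinct password(s) listed)")
```

Splitting on the first colon only keeps passwords that contain colons intact, and lower-casing the login collapses duplicate entries that differ only in case.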
Frequently Asked Questions
Where do combolists come from?
Related Terms
Credential stuffing is an automated attack that takes username/password pairs leaked from one source and tries them e…
Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…
ULP data is credential data formatted as URL:Login:Password — the login page, the username, and the password for a ca…
A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…
Account takeover (ATO) is when an attacker gains unauthorized control of a legitimate user account, typically using s…