A combolist is a collection of username and password pairs, often obtained through data breaches, phishing attacks, or other malicious means. These lists can be used for various malicious purposes, such as:
Filtering for specific targets (e.g., only @gmail.com or @outlook.com addresses). Patched.to Combolist
A "combolist" (short for combination list) typically follows a standard plain-text format: username@email.com:password . On platforms like Patched.to, these lists are categorized by their source or intended target, such as gaming accounts (e.g., Valorant, League of Legends), streaming services, or regional domains. A combolist is a collection of username and
New combo lists are posted regularly, with recent threads featuring mixed corps and valid Hotmail hits. On platforms like Patched
As the popularity of Patched.to grew, so did the attention from law enforcement agencies and cybersecurity experts. In 2017, the website was shut down by its administrators, allegedly due to pressure from authorities. The site's closure was seen as a significant victory for cybersecurity efforts, but it also highlighted the cat-and-mouse game played between hackers, cybercriminals, and law enforcement.
: Use these lists to identify leaked corporate credentials and force password resets for their employees.