CRITICAL SEVERITYAggregation

Anti Public Data Breach

Verified by ObscureIQ Intelligence
Xinf@

8.0Severity
1.1BRecords
2Data Fields
2016Year

Impact & Downstream Threats

This breach carries critical risk due to the nature of exposed data fields and the scale of affected records.

Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Targeted phishing campaigns using exposed email addresses

Breach Intelligence

EntityAnti Public
Breach DateDecember 2016
Disclosure42859.0
Records Exposed~1.1B
Attack VectorCredential Stuffing
SourceHave I Been Pwned / DataBreach.com / ObscureIQ intelligence
StatusConfirmed

Executive Summary

In December 2016, the cybersecurity landscape was jolted by the emergence of the , Anti Public Combo List, , a massive compilation of over 457 million unique email and password pairs. Unlike a breach stemming from a single source, this dataset was an aggregation of credentials from numerous previous breaches, including those affecting major platforms like Adobe, Dropbox, LinkedIn, and Yahoo. The list was widely circulated on hacker forums and dark web marketplaces, making it a readily accessible tool for malicious actors. ,

, The Anti Public Combo List became a primary resource for , credential stuffing attacks. In these attacks, cybercriminals use automated tools to test stolen email-password combinations across various websites, exploiting the common practice of password reuse among users. The widespread availability of this list significantly lowered the barrier to entry for such attacks, posing substantial risks to individuals and organizations alike.,

, An analysis by Duo Labs revealed that while 70% of the passwords in the list contained at least one number, indicating a slight improvement in password complexity, only 6% included uppercase letters and a mere 4% had symbols. This underscores the persistent issue of weak password practices among users, despite ongoing awareness efforts .​,

, The Anti Public Combo List is often mentioned alongside other massive data compilations, such as the Exploit.in list and the Breach Compilation, which collectively encompass billions of credentials. These compilations highlight the cumulative effect of multiple data breaches and the importance of robust cybersecurity measures to protect personal information. // In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.

About Anti Public

Anti Public is an organization whose data was exposed in this breach. The dataset has been verified by ObscureIQ intelligence and indexed across breach notification platforms.

Data Points Exposed

Verified fields in the released dataset:
Email addresses
Passwords

Dark Web Verification

Status: Confirmed

  • Dataset containing approximately 1.1B records identified in breach intelligence sources.
  • The data is indexed and searchable across breach notification platforms.

Recommended Actions

⚠️ Do not assume this is low sensitivity.

Change Passwords
Change your Anti Public password immediately and any account sharing similar credentials.
Expect Targeted Phishing
Watch for emails referencing this breach. Verify communications through official channels.
Secure Email & Enable MFA
Email compromise is often the first pivot point. Enable multi-factor authentication.
Monitor Financial Accounts
Watch for unauthorized credit applications and suspicious activity.
Check Your Exposure
ObscureIQ clients: this breach is indexed in your profile.
Non-clients may request a breach impact review.

Frequently Asked Questions

What happened in the Anti Public data breach?

In December 2016, Anti Public experienced a data breach that exposed approximately 1.1B records containing personal information.

What data was exposed?

The exposed data includes fields such as email address, password.

How many records were affected?

Approximately 1.1B records were affected based on current breach intelligence.

Protect Yourself

Check If You’re Affected

Enter your email to check if your data appears in this breach.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed.

High-Risk? Get an Exposure Audit

Full-spectrum exposure audits for executives and public figures.

Request Consultation

ObscureIQ Advisory

We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.

If you are:
  • A public-facing individual
  • A high-profile executive
  • A customer of Anti Public
  • Or concerned about credential reuse
Services
AuditsWipesThreat MonitoringTraining
Contact
Phone(855) 763-7273Emailinfo@obscureiq.com

© 2026 ObscureIQ. All Rights Reserved.

Classification Tags

Credential StuffingAggregationEmailPasswords

Powered by the ObscureIQ Breach Intelligence Database

© 2026 ObscureIQ · All Rights Reserved · Data Licensing

Latest from ObscureIQ

Credit

What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)

July 14, 2025
Every time there’s a major data breach, companies scramble to offer “free” credit monitoring. It sounds like a responsible move.…
breach economycredit freezecredit scoreequifaxexperian
Credible Threats

Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.

September 2, 2025
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars. Over 80% of security incidents now start in the browser. Chrome.…
brave browserbreachesbrowser exploitbrowserschrome
Analysis

Sextortion Spam

May 10, 2025
Sextortion scams aren’t new, but they remain one of the most effective forms of cyber-enabled fraud. These scams don’t rely…
bitcoindeadlinefeargoogle maps apiransom