A credential stuffing list labeled BestCombo/GGBestC exposed 1,557,021 records, roughly 1.56 million plaintext email and password entries tied by the listing to gaming and streaming services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify (leaksear.ch metadata). The dataset is indexed with a breach date of October 28, 2023, and leaksear.ch metadata characterizes it as an aggregated combolist rather than a direct breach of those services (leaksear.ch metadata).
What happened
Leaksear.ch indexed the source on June 29, 2026. The metadata describes the file as a BestCombo/GGBestC combo list advertised as 1.6M Mail:Pass hits for Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify (leaksear.ch metadata).
Public forum pages reviewed for context show similarly titled Bestcombo posts, including a Patched.to combolist thread submitted on September 26, 2023, and a HARD-TM database-giveaway thread started on October 28, 2023. In both cases, the visible post content is limited because the body is hidden behind registration or access controls (patched.to, hard-tm.su).
The available evidence supports treating this as a credential stuffing combolist, not as confirmation that any of the named gaming or streaming services were directly breached. OWASP describes credential stuffing as the use of stolen username and password pairs against other websites, usually relying on password reuse across services (owasp.org).
What data was exposed
Leaksear.ch indexing metadata lists email, password, and username as exposed searchable fields. The source file contains plaintext email and password pairs, and the metadata does not list additional stored fields (leaksear.ch metadata).
Because the passwords are plaintext, affected users should assume any reused password in the dataset is compromised. Security teams should treat matching corporate emails or usernames as an account-takeover signal and prioritize password rotation, login review, and MFA enforcement.
Why this matters
Credential stuffing lists create risk beyond the services named in the listing because attackers can test the same email, username, and password combinations anywhere the affected person reused credentials. The main risks are account takeover, phishing that references gaming or streaming accounts, and secondary compromise of email, payments, game libraries, subscription accounts, or workplace systems.
For organizations, matches involving employee accounts should trigger password resets for reused credentials, investigation of suspicious authentication activity, and MFA coverage checks. CISA recommends multifactor authentication because it adds protection when a password is compromised, while OWASP notes that credential stuffing succeeds when exposed credentials are reused across sites (www.cisa.gov, owasp.org). If you may be affected, check your exposure in this leak and rotate any reused passwords immediately.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email, password, and username.