As the popularity of Patched.to grew, so did the attention from law enforcement agencies and cybersecurity experts. In 2017, the website was shut down by its administrators, allegedly due to pressure from authorities. The site's closure was seen as a significant victory for cybersecurity efforts, but it also highlighted the cat-and-mouse game played between hackers, cybercriminals, and law enforcement.
These lists are compiled from previous data breaches, phishing campaigns, or "stealer logs". Use on Patched.to:
Grouped by email provider or country, such as Polish (.PL) or French (.FR) domains.
Patched.to itself has been targeted. In 2022, a coordinated operation involving the FBI, Europol, and the UK's National Crime Agency seized domains linked to similar combo-list sites. However, Patched.to persists because:
The existence of combolists poses significant risks to online security. When a combolist is shared or sold, it can lead to:
MFA adds an additional layer of security, making it more difficult for attackers to gain access using only stolen credentials.