Data Leak Exposes 149M Logins, Including Gmail, Facebook(www.techrepublic.com)
80 pointsby saikatsg6 hours ago8 comments
  • bahmboo3 hours ago
    This is aggregated data from info stealers not from compromising Google or FB systems.
  • zero-sharpan hour ago
    So I just searched my email on HIBP again. Most of the leaks I see there were from old websites I hardly cared about securing from many years ago. But, in general, how do I find out what has actually been leaked (if it's not website specific)?

    I'm not going to change all of my passwords every time a random website that I used briefly ten years ago leaks my low effort password.

    • LeifCarrotson41 minutes ago
      You shouldn't have to change any passwords on other sites because you shouldn't be reusing passwords.
      • consp31 minutes ago
        I use separate emails for all accounts and that get's me in trouble when companies "consolidate" accounts because "everyone uses the same email for all accounts". Your good idea might be true, practice is not.

        I've had this twice now in one year ...

  • charcircuit4 hours ago
    Is this even new? Or is this the same bunch of stealer logs that has been floating around repackaged? This 149M is meaningless without removing the already seen entries and getting rid of duplicates.
    • KaiserPro3 hours ago
      and Is this on haveibeenpwnd yet?
    • OptionOfT4 hours ago
      This is a great question. I saw this and first thing I thought was:

      Am I a part of this?

      If this is a collection of stealer logs, no, but if it is Google & Facebook that have been hacked / had data leaked, then yes.

      So far I've not heard anything from either, so I'm gonna assume that it didn't happen through those services until I hear otherwise.

  • 2 hours ago
    undefined
  • tamimio2 hours ago
    It should be a standard practice to have a unique email and password for every service you use out there, plus the usual like 2FA. I have been doing this for years and never had any issue, but also you can tell if the service got compromised even if they never announced it. For example, I have an account on a service called Shakepay, and recently I have been getting a lot of phishing attempts on that specific unique email that's never been used anywhere else. I can tell for certain that their email database got leaked/they sold it.
    • accrualan hour ago
      How do you manage having potentially many different email accounts?
      • lunar_rover12 minutes ago
        Outlook supports having multiple arbitrary email addresses as well as allowing login from only one of them.
      • jortsan hour ago
        Just adding plus signs and the vendor name in the address would do it.
        • mmasu38 minutes ago
          isn’t this easy for a potential attacker to mitigate, i.e. dropping from the address everything after the plus? it’s a known trick for gmail so i would not be surprised if an attacker knew how to get to the “real” address by cleaning it up.
      • tamimioan hour ago
        A lot of email services that provide the aliasing feature have seamless integration with password managers, so when you sign up you generate a unique email and password on the fly, and it get saved in the manager.
  • treelover5 hours ago
    Time to change our passwords
  • rvz3 hours ago
    I have just heard celebrations from millions of AI agents living in data centers cheering on yet another data leak full of unique login data ready to train on.

    Now these AI agents are going to use this to get to know about us humans even more.

  • sandworm1013 hours ago
    IMHO, any password shared with google and/or Facebook is instantly "leaked". I trust them less with my passwords than I do randos.
    • orion7an hour ago
      Companies trust them with their passwords and intellectual property and remain in business. It's insane to me too, but that's the world we actually live in
    • pickleRick2433 hours ago
      I don't understand, why do you say this? I would think that google's security is very solid, and am not aware of them ever being hacked to gain access to user accounts/passwords. Are you saying they're deliberately leaking user passwords to 3rd parties?
    • nurettin3 hours ago
      Reminds me of old IRC where you would trick a noob into revealing their password, then kick them out a bunch until they changed it. Channel would have a good laugh.