Thread 105638569

16 billion profiles affected apparently.

>>105638569 (OP)
>>105638444

That's like, twice the number of people in the world

>>105638621
It may surprise you but the average person uses more than one website with user registration.

>>105638569 (OP)
All at the same time?
Thry hack the cia or something?

>>105638811
they hacked jeorge's bush phone

>>105638569 (OP)
Is this the reason why seemingly half of reddit is deleted posts now?

>inb4
>it's just some scraped data
>happened from some bullshit app or fork of an app
>99% of the accounts were some from bot farm
>records are from 2015

Every time there's some massive password leak, it's almost always >90% full of useless gunk.

>>105638569 (OP)
Aren't passwords digested anyway

>>105638569 (OP)
Oh no, anyway.

>>105638569 (OP)
fun fact, I used to have a protonmail account, I put a password legit like 25+ characters alphanumeric and shit, I posted the account on 4chins just once, next thing you know is that that account was cracked, lulz, thank god it was a trash account

does it mean all SAARs are doxxed now?

>>105638569 (OP)
Probably just some fake credentials.

>>105638868
yeah but we need clicks and we need (you)s

how does that affect me personally?

>>105639234
It made you make this post

>>105639489
#REKT

So retards who fell for phishing? Need more info before I change any passwords, I'm a lazy fuck.

>>105639588
Same, is it already on haveIbeenpawnd ?

>>105639234
remember the fappening?

>>105640036
Nobody wants to see my dick pics

>>105640036
Been a while, I guess its time to up it a notch?
The best part I remember from it was the based photographer that had daily orgies, that man lived a life! What happened with him, what was his name?
CAPTCHA: NUYTA

>>105638569 (OP)
not a problem
everyone has 2FA already
right?

>>105640036
the fappening is obsolete now
we can generate ai images that rival the real ones

>>105640153
but they are fake
demonic energy
ungodly

>>105638868
>>records are from 2015
how often do you think users change their password?
these days i switched to using a password manager and randomised passwords ever since i got a scare when my steam account got taken over in 2017 (which i did get back) but before then, and still for some things i don't care about because i can type it fast, my main password hasn't changed since 2008, and even then it was only changed slightly at that point because someone i knew figured it out. not sure exactly when i made it up, but probably a few years earlier. honestly, i probably made the original one when i signed up for msn messenger in 2003. it's based on a nickname my sister used for me which even she doesn't remember using

>>105640163
wow just like real women, and you still fap to them

Passwords are pointless on anything that has 2FA now anyway.

>>105638569 (OP)
I don't get how password leaks happen. They don't store the passwords themselves on their servers, only the hashes. Is it just that the hash function leaks and attackers use this to compute billions of passwords using a rainbow table or something?

>>105640331
>hash function
hash function and the hashes, I meant

>>105640331
It is through malware that steals your browser data.
Every random browser extension can in theory just log what you enter into password fields. Any random application can rip out your saved passwords from your browser.

They do rip out your cookies as well, meaning that your 2FA is worthless. It's how all those ecelebs lost their accounts to AI-Musk crypto scammers, besides using 2FA.
But in the leaks, or when they sell them on the darkweb, we never get the cookie data. We get login / password lists. The hackers don't sell the cookies for some reason.

So far it's just a bunch of news outlets parroting
>16 BILLION PASSWORDS GUYS HOLY SHIT!
>ANYWAY YOU SHOULD BUY A NEWSPAPER SUBSCRIPTION
I don't care until I see a magnet.

>all my passwords are in the lines of benisinbagina666 because i can actually type them out and fuck password managers
>all the stuff i care about has authenticators or 2fa to jewgle mail enabled
>jewgle mail obviously has 2fa enabled to my phone
Remind me, why should i care about another sixty billion password leak

>>105638569 (OP)
>more fake news
when will the tyranny of free speech end
journos need to have their teeth kicked in.

>>105640365
>Every
Not true, you can see the permissions an extension has also MV3 solved this regardless

>>105638811
They are leaking the passwords on purpose, to aid Palantir. MS is pushing for fingerprint or face pictures as a replacement for passwords. Guess who wants to aggregate all that?

>we detected a login to your account from India
>was this you?
YES / NO

wow so hard, such hacks

>>105640331
People leak even hashed+salted passwords since it can be beneficial for more targeted attacks.

But a lot of password leaks these days are stealer logs, so you get malware on your computer that logs when you log into shit and compiles that. That gives you pretty much ready-to-use login credentials, since they store the username, password and the website, so you have shit like "johndoe@example.com:mypassword:netflix.com" in a massive file.

>>105640036
I legit thought that was the end of iphones. It blew my mind to find out that iphones were uploading your camera pictures to a cloud in the hands of filthy strangers. Itoddlers literally didn't care that their nudes are stored on a server in a data center. It was at that moment I realized they are not human.

What's the point of this if I cannot use it for my own personal wicked purposes

>>105638569 (OP)
how do I know if my account got hacked?

>>105638569 (OP)
source or it didn't happen

>>105638569 (OP)
my password has been Gaterway11** for as long as I can remember.

Where's the download

>>105638569 (OP)
not my problem xD

>>105640634
Same, I can't remember the last time I even input my actual password lol.

>>105638569 (OP)
oh no my password is leaked for the 50 thousanth time, whatever will I do, hackers are going to get into my account

oh wait i'm not retarded and have my account linked with Authentication software

Anyways this only really effects people in 6 figure paying jobs, doesn't really effect poor people like me that i only have $17 in my bank account that will be $10 in 7 days.

I'm not gonna.

>>105641738
you don't even have to do anything, googlel and applol have multi factor enabled by default

>>105641755
what website do I have to check? I have a bunch of gmail accounts I dont even know how many, some I probably forgot the passwords

>>105638868
>>>105640545
bottom 2 most likely, im sure some of it is "newer" stealer log info but a lot of skids get caught in there trying to do bruteforce / stuffing attacks on accounts who were also infected by the stealer log
>>105639808
most logs probably will be, he ingests stealer logs now & was quick to load the alientxtlogs
>>105640825
you can find the clear text solves for a lot of db dumps on hashmob
>>105641183
probably telegram

>>105641901
https://haveibeenpwned.com/OptOut

please opt of of these and allowing would be bad actors from being able to directly see what breaches you are in.

>>105640036
literally the beginning of the end for like half the boards on 4chan
/b/ was always shit but fell completely to the coomers after the fappening...

>Cybernews uncovered over 16billion login credentials from ~30 datasets leaked via infostealer malware and misconfigured cloud storage—not from a single breach. While accounts from major platforms like Apple, Facebook, and Google appear in the data, none of these companies were directly hacked. The records span various timeframes and include reused or old credentials. The data poses a serious risk for credential stuffing and phishing attacks. Users should change passwords, enable 2FA, and use password managers to reduce exposure.
nothingburger?

>>105642019
i'll never understand why this info is public and not just sent to the email requesting the check.

>>105642100
Jesus fucking christ can't they post something less vague at lest? A list of services compromised? The actual source of the leak maybe? Fucking amateurs man, who the fuck reports like that. No important details. Welcome to CHATGPT journalism I guess.

>>105640365
Ok, so I'll make a VM for only my browser. Got em

>>105638569 (OP)
So what? If I change all my passwords I should be fine no?
Also most things need SMS two factor anyways...

niggers be like
>cybersecurity is a meme full of nepobaby incompetent fags, I will NOT shill money for protection cuz I'm the smartest faggot around
and then shit like this happens, remember to watch the anti-phishing tutorial at your job retards

The hacker known as 4chan did it again

>>105638755
I samefag myself on 4chan all the time with two 4chan paid accounts.

Dont ask its conplicated.

>>105638569 (OP)
When they say a password was leaked do they mean the plaintext or the hash?

>>105642409
its so ridiculous and is the lowest of hanging fruit, breach forums is down but there are lots of places you can go to torrent these files

>>105642051
It would be so easy to make a SFW /b/. I don't understand why they willingly keep missing out on such a perfect opportunity.

FFS I just changes password yesterday and now have to do it again.... le *sigh*

>>105642913
>>105642409
Yeah they "unintentionally" made a OK tool to quickly check what leaks someone you want to look into is in.

But to be fair, it's not a biggie, there's other sites that do the same with more info, it takes 15-60min to google up a torrent of most major leaks to actually see the data... Most people are too retarded and for the rest it's easy to find anyway.

>>105642573
cyber-security IS filled with non-technical nepobaby fags who are incompetent. & its even worse now that everyone says its "entry level" "easy" and "can make 6 figs"

>>105642991
yeah a lot of them get shut down weleakwinfo actually got seized others dip before its a problem like xkeyscore. the issue with HIBP I have its it lets you know if its even worth going to the other sites instantly and what information you will find there when you do.

>>105641738
What are you spending a 1,400 half-pence on, Mr. Rothschild?

>>105638569 (OP)
I bet it's a rehash of previous "leaks", most likely obtained from botnets.

post the torrent you useless fucks

>>105643052
>cyber-security IS filled with non-technical nepobaby fags who are incompetent
cope, you are a balding ahh millennial that knows nothing about computers
>hat everyone says its "entry level" "easy" and "can make 6 figs"
this is just jewtubers doing jewtube things, if you have more than 80IQ you can easily ignore that

>>105643108
go on btdig and look up leaks listed from HIBP, naz.api etc.

lainchan has a thread in /sec/ with links 4chan thinks its spam to link

>>105643205
thank anon

>>105643189
Im gen z, work as an isso & everyone new to the field i've interacted with IRL is just interested in money.
> jewtube
its easy for me to ignore, not for the leeches interested in the industry for ez gibs

>>105643205
thanks king

1) is this collection of older data sheets or something newish?
2) if its newish leak then from what range, last 1-24 months?
3) any more info on the "16 billions" leak source, confirmation? etc

>>105638569 (OP)
I'm assuming those leaked passwords are all hashed and salted so they should be useless anyways unless you mean to tell me that major tech companies were still storing plaintext passwords in Anno Domini current year + 10

>>105643255
>is just interested in money
anon it's a job, it's not your life, you can slave away for Mr. Goyberg if you like that but most people don't and they get by doing the absolute minimum

>>105643082
The one that I use hasn't been. That said bad actors better just check the dbs themselves...

Which begs the question as to why leaks arent distributed in sqlite files where searching will take .01s over 500m users rather than .txt files with sql commands that will take 5+min.

>>105643389
The leaks were likely obtained from browser malware that spied on and stored users' passwords

>>105643443
Oh.
Well in that case I'm probably unaffected, but I guess it wouldn't hurt to change my gmail passwords.

>>105643436
fair enough, I just hate working with them because they are all retarded. Im sure no matter where I worked id think some of my co-workers were retarded as well.
>>105643440
takes time to set it up, all the ones i've collected are just csv's or txt files, ive seen a few actual .sql dumps but its not many. there is some combination of breaches out there you can torrent that has a bash script that does a retarded version of this where it goes by first 3 letters of the email to filter so "/a/a/a/file.txt" and "/a/a/b/file.txt"

>>105638569 (OP)
Oh no my spam mail the are going to erase it.

*changes password from Password1 to Password2*

Ive already updated my gmail passwords. What else should I be wary of?

>sites start going 'passwordless', making you login with a code sent to your gmail account instead
>your gmail account password is now effectively your password for everything
>oopsie literally everyone's gmail account just got hacked

luhmao

>>105643443
>there are "people" who store passwords in their browser
old skool chads WW

>>105642784
hash

>>105640779
this
elites leaking ur shit u gave

So they've been hiding the existence of 6 billion extra humans from us this entire time? Shameful.

>>105644574
joke's on you, my Google account is passwordless too. I just get a 2FA code beamed directly to a vibrating butt plug.

>>105644771
>clench six times to confirm

AHHHHHHHHHH

I JUST REALIZED SOMETHING

THE ELITES ARE GOING TO SLOWLY REMOVE PASSWORDS AND SWITCH EVERYTING TO SMART AUTHENTICATION VIA PHONES WHERE YOU SCAN YOUR THUMB OR FACE AND TAP LOG IN

THEY PROBABLY FALSE FLAG DATA BREACHES AND DELIBERATELY DUMP LOGIN INFO AS FALSE FLAG TO STRENGTHEN THE ARGUMENT TO MAKE YOU COMPLETELY DEPENDENT ON PHONES TO LOG IN ANYWHERE USING BIO DATA

THIS WILL THEN BE REPLACED IN THE NEXT ITERATION BY NEURALINK BRAIN CHIPS INTO YOUR BRAIN NEEDED TO LOG IN ANYWHERE THEY WILL DO THE SAME PLAYBOOK SAYING PHONES ARE NO LONGER SAFE WE NEED BRAIN CHIPS

>>105644833
You will like the Passkey.

>>105644833
Didn't Mythbusters demonstrate that face and thumbprint scanners were schwarbage like a decade or two ago?

>>105644833
If you're just realizing this now you're mentally disabled.

>>105641065
post your gmail and password I'll check for you sir

>>105644966
Randeepsingh@gmail.com
Indiasuperpower2030

>>105644980
bloody bastard you! bitch bastard!

bros i hope we get some brazzers pws out of this. haven't had any since 2013

if 16 billion passwords can just leak then what the fuck are we doing using this shit.

>>105638569 (OP)
Does that apply to Android users who need to have a Google account? How do I make my dear mum change her pw (I have no smartphone, so I don't know)?

Finally, weakpass can get an upgrade

>>105638941
Not true in the slightest.

>>105640129
yes. we good senpai.

>>105640638
>when will the tyranny of free speech end
it'll be over for you, too, retard.

ffs I've been awake for 16 hours I'm tired and sleepy do I really need to change all my gmail/outlook/proton shit now

>>105645225
nah, it's just clickbait

>>105638569 (OP)
From the title, i would've guessed database hacks. But this is just a ton of infostealer logs? boring.

>>105638569 (OP)
I dont have any of that shit so im good but https://mail.cock.li/ also got hacked or taken over by the fed, its been having suspicious activity, fuck this gay world already

>>105645228
actually some kinda ad campaign. seeing this bullshit "story" all sorts of places.

>>105645873
it's been spammed everywhere in the last 48 hours.

>>105645785
Didn't they explicitly say the feds had been abusing their emails en masse in an attempt to shut them down? I'd be shocked if they hadn't just brute force taken it over already.

>>105646147
yeah but something sketchy is definitely going on with them, real shame it was a good service idk where to go, im trying to save my mails with thunderbird, free proton is not usable without IMAP or at least more than 3 folder support

>>105638569 (OP)
>The records were most likely generated by infostealers
So, it's nothing?

I have 25 year old accounts that use a single all-lower case common word for a pw that have never been pwned

>>105644855
oh that will surely stop them

>>105643205
whats the name of the bread

Business idea: OTP via NFC tag in my basement

>>105640205
>password manager
which one? considering doing this now too

>>105649590
KeePass, open source, secure, using it since 2015, zero issues

>>105649590
i'm the one who posted that, i'm using keepass xc (linux/windows) and keepass dx (android), with its' db synced between computers/phone using syncthing

>>105649721
KeePassXC, to be precise.
Also, step away from passwords entirely, >>105649590 and use passkeys. Preferably with a hardware authenticator such as a YubiKey. Look up FIDO2 if you want to know why it's so much better than regular passwords.

>>105649753
Are you me?

>>105638621
All the bot accounts lol

>>105649764
yes, though i started as mentioned in 2017. i was already using syncthing however, started using that around i believe version 0.11 (2015)

>>105649774
Based. I'm just lazy and use OneDrive, don't hate me tho

>>105638569 (OP)
say you get access to my facebook, google and the apple account i do not even have... now what? you will post on my profile that i have no used for 10 years? or use the google account that has no money on it? truth it, i will let you have my accounts. who cares?

>>105638838
i do not want to go to desuarchive to link my posts but in short: they deleted multiple of my accounts ... well banned, but its basically the same. Reddit is just retarded to such a high degree that they make accounts disappear for multiple reasons.

>>105644996
Godspeed You! Bloody Benchod

>>105638569 (OP)
xD hackers went through all the trouble to find that my password was 1234qwer

>>105638569 (OP)
where do I find the leak?
amipwnd?

>>105650764
There is no leak.
Some faggots browsed places where leaks are posted for half a year and encountered multiple previously not encountered keylogger dumps which may or may not contain obsolete, useless, hashed and/or duplicate credentials, but the total number of lines across multiple logs before deduplication is 16 billion.

>>105649756
I can choose to forget a password. I can't choose to forget a hardware key.

>>105638569 (OP)
15 out of the 16 billion are just bot accounts. Dead accounts or accounts that already changed their password

>>105650764
It's not a single leak, some journ*list working for Cybernews added up a bunch of infostealer combo logs and came up with 16 billion. The article even admits that they didn't de-dupe them. See >>105642100
Cybernews has be running LARGEST BREACH EVER stories regularly for a couple of years, and then advertises their "Cybernews password leak checker".

https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/
https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
Etc.

so do we change passwords or not? im too lazy

>>105652248
nah, you're good bruv

>>105638569 (OP)
oh no!
>*laughs in 2FA*

>>105652461
>Swaps ur sim
:^)

>>105649590
the google one is perfectly fine.

>>105642984
there was /qa/....

>>105649590
>>password manager
>which one? considering doing this
bitwarden

>>105649756
if i lose my hardware key then I'm boned though

>>105648149
data breach exchange general

>>105638569 (OP)
torrent where? I collect leaked passwords.

>>105653555
Read the thread, it's not a single log. Cybernews added up 30+ existing stealer combo lists without removing dupes and came up with 16 billion.

most sites nowadays i just use login with google on one of my many throwaway emails, or a 10min mail provided the other option isnt available, with a throwaway password like faggot1

>>105638569 (OP)
I have my bank account registered on an email that's been breached 51 times. I give are barely enough fucks just to make this post ITT

>>105655029
I don't even give enough of a fuck to proofread my post

Hey hackers, do you have the password to my old Hotmail account? I lost it long ago.

>>105655029
I only care insofar as the utter hassle it would be to remember all the accounts tied to an email that I can no longer access. (I barely check my email on account of being a neet, no one's talking to me anyway.

>>105655828
hows the neet life? i'm jealous but i'm basically a neet myself, i just have a remote job

>>105656315
I guess you survive but the quality of life isn't high. I'm old enough to believe that your value as a human being is in your capabilities (not necessarily in the sense of being a working stiff until the machine spits you out), but I lack all skills or utility and so I daily recognize my laziness and utter cowardice. It'll catch up to me very soon.

>>105656387
how old are you and what are your skills? Live with your parents or on the dole?

>>105647636
Trust us, they've been pwned.

>>105638569 (OP)
Ok, but how do you check the credibility of that data? Anyone can compile some slop DB, especially today with LLMs. They can even mix real and fake ones, to provide evidence for buyers in dark-markets, and for buyers to not get flagged. Something like providing 100k real data in 1m fake, so they can bump the price and avoid being flagged as scammers. Or it can all be fake.

And they didn't mention if the data is repeated. I say a nothingburger like always.

>>105639064
How? can you elaborate

>>105641080
and what has been your email as long as you remember? Just curious

>>105641755
Oh, they changed their UI. Are they trying to make us forget that the creator of haveibeenpwned has been pwned?

>>105641896
https://haveibeenpwned.com/

>>105638569 (OP)
What's the source for these leaks? Seems unlikely they would get accounts and passwords for all these different sites from one source

>>105657120
>The records are scattered across 30 different databases, and some records are or might be overlapping
>The data most likely comes from various infostealers
>Our team has been closely monitoring the web since the beginning of the year. So far, they’ve discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.
>Researchers claim that most of the data in the leaked datasets is a mix of details from stealer malware, credential stuffing sets, and repackaged leaks.
>There was no way to effectively compare the data between different datasets, but it’s safe to say overlapping records are definitely present. In other words, it’s impossible to tell how many people or accounts were actually exposed.
>The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices
from the original source of the news: https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/

Basically Cybernews downloaded a bunch of stealerlogs and added up all of the rows. They've been running these stories every few months for a while now.

>>105657982
>https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/
This article reads like it was generated by chatGPT

>>105653455
>>105651321
Do you lose your phone?
Just don't be a retard. And have a backup, like with everything else.

>>105656543
No, I've logged into some of them after 10+ years of inactivity and have never found one that was stolen

>>105658583
If I have a backup, someone else has access to it. Defeats the concept of security

>>105638569 (OP)
nothing burger

>>105659380
t. No idea how FIDO2 works
I meant a backup hardware key

>>105656790
>>105638569 (OP)
I'm really good at this

>>105649756
>>105659731
FIDO2/CTAP a best

https://web.archive.org/web/20201112213643/https://github.com/solokeys/solo/issues/353
built my own with a $10 stm nucleo

>>105643255
>everyone new to the field i've interacted with IRL is just interested in money.
This is almost everyone with a CS or related degree. Fucking retards with zero interest "go into what makes money", and then they suck at it.

Then you get to hear from these retards - even on 4chan, about how hard it is to get a job.

>>105660769
if you want to advance a field you become a research fellow in academics and stay at uni or go into r&d
you are a fucking idealist if you think not even uni professors are just in it for the money
my prof is only at symposiums at hawaii eating shrimp cocktails
once you make it deep enough into academia you see that the superiors are just like people in the industry
PhDs are useful idiots for professors
you'll see that once you are 35

there is a reason there is a saying "those who can't do teach"
my prof researches the same subject since 1990 and it is a dead end
presidential age in france is 35+, chancellor in germany is 40+
once the deluded young idealist has been excised

Retards getting duped

>>105661303
don't care since i do mfa and 2fa without phone txts

>>105644855
Yes but that was a decade or two ago and it was MythBusters

if strikeforce was a nothing burger this is a nothing burger