This might be the mother of all password leaks, with billions of credentials exposed

BGR ^ | 7 Jun 2021 | Andy Meek

[ken in texas]

Shortly before Apple CEO Tim Cook took the virtual stage at the iPhone maker’s Apple Park headquarters campus for WWDC 2021 on Monday — at which the company unveiled a ton of new software updates, including some major new privacy enhancements — an email landed in my inbox underscoring how critical those privacy features are going to be once they roll out with iOS 15. Basically, there’s been another huge data leak, this time exposing several billion passwords in what just might be the biggest dump of passwords online ever.

This news comes via the team at CyberNews, which reports that a 100GB text file containing a staggering 8.4 billion password entries was just leaked on a popular hacker forum. This data set presumably combines passwords stolen via previous data breaches and leaks, and it’s been dubbed the “RockYou2020” password leak on that hacker forum. That name was apparently chosen, per CyberNews, as a nod to the RockYou data breach from back in 2009, “when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text.”

--- end excerpt ---

[Freedom56v2]

So if they had my email or username, they could feed in batches of passwords to find one that might match?

[dayglored]

> So if they had my email or username, they could feed in batches of passwords to find one that might match?

Yep, that's the concept.

And that's why it's a good idea for you and me to have long passwords, for example mine are at least 12 characters, and for really important things I use 16 or more characters.

And a password manager program, so I don't have to remember them. :-)

[a fool in paradise]

Fron the first page of this thread

https://thelibertydaily.com/8-4-billion-passwords-hacked-leaked-online-check-to-see-if-yours-is-among-them/
First and foremost, you can check to see if your passwords were hacked and posted online. Check your email addresses here and check your passwords here.

https://cybernews.com/personal-data-leak-check/

https://cybernews.com/password-leak-check/

[Freedom56v2]

I have thot of a password manager program, but then I thot well, what if they are hacked? Hence the index card system...

Do you have a password manager program that you would recommend?

[dayglored]

> Check your email addresses here and check your passwords here.

Those are two SEPARATE checks. They do not associate a password with an email.

Anyone who has had an email address for more than a year can pretty safely assume it's on the email list. That's a no-brainer -- email addresses get passed everywhere.

And anyone who types their actual passwords into some random webpage to "check if they're leaked" is OUT OF THEIR MIND. That's crazy stupid. Insane level stupid.

Trust no website. None. Any website can be hacked and you're typing your password directly to the Bad Guys.

[dayglored]

> Do you have a password manager program that you would recommend?

"KeePass" is my personal choice for Windows and Linux, and compatible "MacPass" on MacOS.

[Freedom56v2]

Thank you! You are very helpful :)

[ptsal]

Post 10 - Dilbert
Good one....

[texas booster]

Thank you for the links.

HaveIBeenPwnd?

This is where I go to check for leaks but it hasn't been updated yet.

[a fool in paradise]

Thing that is “bad” about being on the email list (with hundreds of millions of other email accounts) is what are you to do? Abandon those accounts? There isn’t anything you can do to remove your account from the lists and even if there isn’t a “new” compromise what are you to do when a new report comes out? You’ll still be on the list.