184 million accounts just leaked, yours could be next

Kim Komando ^ | May 31, 2025 | By Kim Komando

[telescope115]

I get Kurt the CyberGuy’s daily newsletter, and he was saying this is HUGE. Apple put out an immediate alert with an update fix available. I checked my phone and it had already updated to iOS 18.5.

[Openurmind]

Here is the problem... when you land on the source page for this article these are the hidden spy scripts hitting your browser. And most of them follow you around the net wherever you go and collect log in credentials...

komando.com
…convertkit.com
…crazyegg.com
…google-analytics.com
…googlesyndication.com
…googletagmanager.com
…gstatic.com
…privacy-mgmt.com
…pub.network
…sparkloop.app

GOOGLE is the MAIN violator...

[The Duke]

Which is why I use the vim editor's built-in encryption feature to store my passwords locally. I also use two-part passwords, with one standard "unguessable" prefix being the first several characters and the second unguessable characters being specific to the service. That way, if I needed to share my passwords, I could send a list of second half of my passwords over an untrusted channel and share the prefix using other means.

In fact, even when I store my password encrypted locally, I don't save the prefix. I just put in a placeholder like '{prefix}' in its place. I commit the prefix to memory and share it only by voice with the very few who may someday need it.

The browser's memorization of passwords can be an Achilles' heel. In fact, I think I'll stop using that browser feature altogether and just copy/paste from my local vim file to address that weakness.

[zeestephen]

I am a little bit skeptical that my Microsoft log in pass word has been exposed.

Hackers may be able to get my screen name or Hotmail account name.

But, direct Hacker access to log in pass words at Microsoft? I am skeptical.

Earlier reports on this massive hack said it involves a Third Party vendor.

If that is the case, than your MSFT log in password is probably completely safe.

[woodbutcher1963]

In addition, everyone should freeze your credit.
This means contacting the four credit agencies and ask them to freeze your credit.
This means no one will be able to take out credit in your name INCLUDING YOU.

You will also need to keep a letter sent to you by one of those agencies in a safe place because it will make unfreezing your credit easier in the future.

I did this after I was one of the millions of victims of the Experian data breach.
My credit has been frozen for at least seven years or more.
I have not taken out any type of loan or new credit card in that time.
This is Free in some states.
There may be a small one time fee with one or two of the agencies.

There is absolutely no need to pay for some credit monitoring company.
When I was a victim of the breach Experian would have given me free credit monitoring for two years.
However, after that I would have had to pay for the service.

[zeestephen]

By the way...

Microsoft Edge continuously scans the Dark Web for pass words.

If they see one of your archived passwords for sale, they immediately alert you by email.

[dennisw]

“I use two step logins when available. Especially on financial sites.”

I use my windows 11 pc for all financials. Never my phone.

[Openurmind]

frontpagemag.com
…bootstrapcdn.com
…doubleclick.net
…google.com
…googletagmanager.com
…gstatic.com
…jnn-pa.googleapis.com
…trinitymedia.ai
…youtube.com

X/Twitter, why directly connected to Google and Apple?
…x.com
…cdn-apple.com
…google.com
…twimg.com

Newsweek:

newsweek.com
…33across.com
…3lift.com
…a-mx.com
…abtasty.com
…adsafeprotected.com
…adsrvr.org
…agkn.com
…amazon-adsystem.com
…aticdn.net
…ay.delivery
…casalemedia.com
…criteo.com
…crwdcntrl.net
…doubleclick.net
…doubleverify.com
…ebxcdn.com
…google.com
…googletagmanager.com
…headliner.link
…imasdk.googleapis.com
…indexww.com
…kargo.com
…ketchcdn.com
…liadm.com
…maze.co
…mgid.com
…ml314.com
…npttech.com
…openx.net
…outcomes.net
…p7cloud.net
…privacymanager.io
…pubmatic.com
…pushnami.com
…resetdigital.co
…rkdms.com
…rlcdn.com
…rubiconproject.com
…sail-horizon.com
…scorecardresearch.com
…smilewanted.com
…stickyadstv.com
…teads.tv
…the-ozone-project.com
…viafoura.co

FOX:
foxnews.com
…amazon-adsystem.com
…datadoghq-browser-agent.com
…doubleclick.net
…fncstatic.com
…google.com
…gstatic.com
…outbrain.com
…strike.fox

Breitbart:
breitbart.com
…ajax.googleapis.com
…cloudflare.com
…cookielaw.org
…doubleclick.net
…googlesyndication.com
…googletagmanager.com
…gstatic.com
…onetrust.com
…webcontentassessor.com

Grace To You:
gty.org
…cloudflare.com
…cloudflareinsights.com
…crazyegg.com
…doubleclick.net
…google-analytics.com
…googletagmanager.com
…gstatic.com
…reftagger.com
…youtube.com

New York Post:
nypost.com
…adlightning.com
…ads-twitter.com
…adsrvr.org
…amazon-adsystem.com
…cloudflare.com
…cookielaw.org
…doubleclick.net
…google.com
…googletagmanager.com
…id5-sync.com
…jwplayer.com
…liadm.com
…rlcdn.com
…spot.im
…typekit.net
…wp.com

Wall Street Journal:
wsj.com
…adsafeprotected.com
…amazon-adsystem.com
…cxense.com
…doubleclick.net
…doubleverify.com
…dowjones.io
…google.com
…gstatic.com
…newrelic.com
…privacy-mgmt.com
…privacymanager.io
…spot.im
…tinypass.com
…wsj.net
…zqtk.net

San Francisco Chronicle / SFGate.com:
sfgate.com
…agkn.com
…chartbeat.com
…everlit.audio
…ex.co
…googletagmanager.com
…hearstnp.com
…htlbid.com
…ketchcdn.com
…liadm.com
…newrelic.com
…newspapers-142716.uc.r.appspot.com
…ntv.io
…optable.co
…p-n.io
…revcontent.com
…sail-horizon.com
…scorecardresearch.com

Yale University Press:
yale.edu
…adroll.com
…doubleclick.net
…google-analytics.com
…google.com
…googletagmanager.com
…hotjar.com
…metricool.com
…newrelic.com
…sharethis.com
…siteimproveanalytics.com

Anyone getting the idea about the real problem here???

[dennisw]

“All your financial accounts should have 2FA (2 factor authentication, where you get a text with a 6 digit code), as well as separate strong passwords”

All mine ask for 2FA except for Chase. Maybe I turned it off inadvertently. I should get 2FA established for Chase.

[delta7]

As super computers and AI progresses, no passwords will be safe, just a matter of time.

[dennisw]

“As super computers and AI progresses, no passwords will be safe, just a matter of time.”

How about your unique iris scan on your laptop and “devices”, using this as your password. That and your fingerprint. The ultimate in 2 factor authentication.

[PeterPrinciple]

How about your unique iris scan on your laptop and “devices”, using this as your password. That and your fingerprint. The ultimate in 2 factor authentication.

---

according to movies and tv there are ways around this.

[Openurmind]

“How about your unique iris scan on your laptop and “devices”, using this as your password. That and your fingerprint. The ultimate in 2 factor authentication.”

Which can also be stolen from your phone or blocked remotely. Just get in the car and drive to the Bank...

[Bob434]

[[ But, direct Hacker access to log in pass words at Microsoft? I am skeptical]]

3specially when a company cpuld poten5ially be sued into bankruptcy if their lack of protection causes massive damages- maybe companies are somehow protected from suits, but i dont see how- perhaps though their excuse is “users shluld know the inherant risks associated with online use, ie buyer beware.

[Bob434]

How long before they hav3 “eyescan loggers” (like “keystroke loggers”)

[Moltke]

Solicitation. The article is an ad for the NordPass password manager.

Just saying...

[wgmalabama]

I checked and it gave one breach in 2024 to a site I have never used. So data is suspect.

[JimRed]

Hackers, like drug dealers and child molesters, should be executed when caught.

[JimRed]

Hackers, like drug dealers and child molesters, should be executed when caught.

[JimRed]

Microsoft Edge continuously scans the Dark Web for pass words.

If they see one of your archived passwords for sale, they immediately alert you by email.

I get so many fake emails, pretending to be what they're not, how could I trust that warning?