Posted on 05/31/2025 5:08:00 AM PDT by dennisw
Hackers just hit a massive jackpot: 184 million accounts across Apple, Google and Microsoft were exposed in a sweeping data breach. I’m talking email addresses, usernames, passwords, device info (the whole buffet), now up for grabs on the dark web.
Before you say, “I’m safe, I use strong passwords,” or “I’ve never been hacked,” take a second to think. These weren’t obscure services. This breach hit the biggest names in tech. Household-name-level oopsie.
If your login credentials got caught in the cross fire, hackers are already trying to use them to break into your other accounts.
The hidden risk It’s so easy to click “Save Password” in Chrome, Safari or Edge. But if your browser can autofill your logins, so can anyone else with access to your device. Hackers know this. That convenient feature could be the weakest link in your entire digital life.
Google and Apple both offer built-in password managers. But are you really comfortable trusting the same companies that monetize your data with your most sensitive logins?
Here’s what makes this breach different This was a perfect storm for credential stuffing. That’s when criminals take one exposed password and try logging into thousands of other accounts. If you’ve ever reused a password, you’re vulnerable.
Your Netflix password might not seem like a big deal, until they use that same password to drain your PayPal or breach your health records. So go change all your passwords. I’ll wait.
(Excerpt) Read more at komando.com ...
I get Kurt the CyberGuy’s daily newsletter, and he was saying this is HUGE. Apple put out an immediate alert with an update fix available. I checked my phone and it had already updated to iOS 18.5.
Here is the problem... when you land on the source page for this article these are the hidden spy scripts hitting your browser. And most of them follow you around the net wherever you go and collect log in credentials...
komando.com
…convertkit.com
…crazyegg.com
…google-analytics.com
…googlesyndication.com
…googletagmanager.com
…gstatic.com
…privacy-mgmt.com
…pub.network
…sparkloop.app
GOOGLE is the MAIN violator...
In fact, even when I store my password encrypted locally, I don't save the prefix. I just put in a placeholder like '{prefix}' in its place. I commit the prefix to memory and share it only by voice with the very few who may someday need it.
The browser's memorization of passwords can be an Achilles' heel. In fact, I think I'll stop using that browser feature altogether and just copy/paste from my local vim file to address that weakness.
Hackers may be able to get my screen name or Hotmail account name.
But, direct Hacker access to log in pass words at Microsoft? I am skeptical.
Earlier reports on this massive hack said it involves a Third Party vendor.
If that is the case, than your MSFT log in password is probably completely safe.
In addition, everyone should freeze your credit.
This means contacting the four credit agencies and ask them to freeze your credit.
This means no one will be able to take out credit in your name INCLUDING YOU.
You will also need to keep a letter sent to you by one of those agencies in a safe place because it will make unfreezing your credit easier in the future.
I did this after I was one of the millions of victims of the Experian data breach.
My credit has been frozen for at least seven years or more.
I have not taken out any type of loan or new credit card in that time.
This is Free in some states.
There may be a small one time fee with one or two of the agencies.
There is absolutely no need to pay for some credit monitoring company.
When I was a victim of the breach Experian would have given me free credit monitoring for two years.
However, after that I would have had to pay for the service.
Microsoft Edge continuously scans the Dark Web for pass words.
If they see one of your archived passwords for sale, they immediately alert you by email.
“I use two step logins when available. Especially on financial sites.”
I use my windows 11 pc for all financials. Never my phone.
frontpagemag.com
…bootstrapcdn.com
…doubleclick.net
…google.com
…googletagmanager.com
…gstatic.com
…jnn-pa.googleapis.com
…trinitymedia.ai
…youtube.com
X/Twitter, why directly connected to Google and Apple?
…x.com
…cdn-apple.com
…google.com
…twimg.com
Newsweek:
newsweek.com
…33across.com
…3lift.com
…a-mx.com
…abtasty.com
…adsafeprotected.com
…adsrvr.org
…agkn.com
…amazon-adsystem.com
…aticdn.net
…ay.delivery
…casalemedia.com
…criteo.com
…crwdcntrl.net
…doubleclick.net
…doubleverify.com
…ebxcdn.com
…google.com
…googletagmanager.com
…headliner.link
…imasdk.googleapis.com
…indexww.com
…kargo.com
…ketchcdn.com
…liadm.com
…maze.co
…mgid.com
…ml314.com
…npttech.com
…openx.net
…outcomes.net
…p7cloud.net
…privacymanager.io
…pubmatic.com
…pushnami.com
…resetdigital.co
…rkdms.com
…rlcdn.com
…rubiconproject.com
…sail-horizon.com
…scorecardresearch.com
…smilewanted.com
…stickyadstv.com
…teads.tv
…the-ozone-project.com
…viafoura.co
FOX:
foxnews.com
…amazon-adsystem.com
…datadoghq-browser-agent.com
…doubleclick.net
…fncstatic.com
…google.com
…gstatic.com
…outbrain.com
…strike.fox
Breitbart:
breitbart.com
…ajax.googleapis.com
…cloudflare.com
…cookielaw.org
…doubleclick.net
…googlesyndication.com
…googletagmanager.com
…gstatic.com
…onetrust.com
…webcontentassessor.com
Grace To You:
gty.org
…cloudflare.com
…cloudflareinsights.com
…crazyegg.com
…doubleclick.net
…google-analytics.com
…googletagmanager.com
…gstatic.com
…reftagger.com
…youtube.com
New York Post:
nypost.com
…adlightning.com
…ads-twitter.com
…adsrvr.org
…amazon-adsystem.com
…cloudflare.com
…cookielaw.org
…doubleclick.net
…google.com
…googletagmanager.com
…id5-sync.com
…jwplayer.com
…liadm.com
…rlcdn.com
…spot.im
…typekit.net
…wp.com
Wall Street Journal:
wsj.com
…adsafeprotected.com
…amazon-adsystem.com
…cxense.com
…doubleclick.net
…doubleverify.com
…dowjones.io
…google.com
…gstatic.com
…newrelic.com
…privacy-mgmt.com
…privacymanager.io
…spot.im
…tinypass.com
…wsj.net
…zqtk.net
San Francisco Chronicle / SFGate.com:
sfgate.com
…agkn.com
…chartbeat.com
…everlit.audio
…ex.co
…googletagmanager.com
…hearstnp.com
…htlbid.com
…ketchcdn.com
…liadm.com
…newrelic.com
…newspapers-142716.uc.r.appspot.com
…ntv.io
…optable.co
…p-n.io
…revcontent.com
…sail-horizon.com
…scorecardresearch.com
Yale University Press:
yale.edu
…adroll.com
…doubleclick.net
…google-analytics.com
…google.com
…googletagmanager.com
…hotjar.com
…metricool.com
…newrelic.com
…sharethis.com
…siteimproveanalytics.com
Anyone getting the idea about the real problem here???
“All your financial accounts should have 2FA (2 factor authentication, where you get a text with a 6 digit code), as well as separate strong passwords”
All mine ask for 2FA except for Chase. Maybe I turned it off inadvertently. I should get 2FA established for Chase.
As super computers and AI progresses, no passwords will be safe, just a matter of time.
“As super computers and AI progresses, no passwords will be safe, just a matter of time.”
How about your unique iris scan on your laptop and “devices”, using this as your password. That and your fingerprint. The ultimate in 2 factor authentication.
How about your unique iris scan on your laptop and “devices”, using this as your password. That and your fingerprint. The ultimate in 2 factor authentication.
“How about your unique iris scan on your laptop and “devices”, using this as your password. That and your fingerprint. The ultimate in 2 factor authentication.”
Which can also be stolen from your phone or blocked remotely. Just get in the car and drive to the Bank...
[[ But, direct Hacker access to log in pass words at Microsoft? I am skeptical]]
3specially when a company cpuld poten5ially be sued into bankruptcy if their lack of protection causes massive damages- maybe companies are somehow protected from suits, but i dont see how- perhaps though their excuse is “users shluld know the inherant risks associated with online use, ie buyer beware.
How long before they hav3 “eyescan loggers” (like “keystroke loggers”)
Solicitation. The article is an ad for the NordPass password manager.
Just saying...
I checked and it gave one breach in 2024 to a site I have never used. So data is suspect.
Hackers, like drug dealers and child molesters, should be executed when caught.
Hackers, like drug dealers and child molesters, should be executed when caught.
If they see one of your archived passwords for sale, they immediately alert you by email.
I get so many fake emails, pretending to be what they're not, how could I trust that warning?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.