More passwords posted from the security breaches. Up now to 9.9 Billion PWs

esquared · Jul 6, 2024

So yeah, there's a security forum I could have posted this in but it would only reach a small percentage of people.

There was another breach that was added to the MOAB of 8.4 Billion PWs. Adding another 1.5 Billion to the total. That's now at 9.9 Billion PWS.

Just reminding people if you're bothered by all this, it's probably time to change PWs.
Just a friendly PSA from the mods.

https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/

There's a link to check PWs in this article.

https://www.pcmag.com/news/rockyou2024-10-billion-passwords-exposed-largest-leak-ever

Fenixgoon · Jul 7, 2024

Can we just run through HaveIBeenPwned?

Red Squirrel · Jul 7, 2024

This shows how it's important to use different passwords for everything as well.

But yeah probably due to go around and change passwords for at least all the important stuff to be safe.

snoopy7548 · Jul 7, 2024

One of the nice things about using a password manager (specifically Keepass) is you can download the HaveIBeenPwned password list and run all of your passwords through it offline using the HIBP plugin. The list is from 2022 so it doesn't cover this breach, but eh.

SKORPI0 · Jul 7, 2024

My 15 character(letters, numbers and symbols) password is randomly generated, what's the chances of it being in that list?
Some sites send a 5-6 code to my phone to verify its actually me.

GodisanAtheist · Jul 7, 2024

At some point there will be so many compromised passwords out there that it will be simpler and faster to just brute force attack stuff.

Red Squirrel · Jul 7, 2024

Pretty much all my passwords now are randomly generated strings that look like this:

#N)sh1bCu>L~r)im&AUFAiF0g3TPyov4O~05G60yM3>7e06

Sometimes I run into the odd site that don't like some of the special characters though. So dumb to have restrictions like that, everything is suppose to be hashed anyway so even if it's going into some weird archaic database system it shouldn't matter.

Then there's my credit card, they changed their site and the new login form doesn't allow to paste passwords. So dumb. I went with something a bit easier to type and have the browser remember it now, so it's not exactly the most secure thing, but if someone hacks my credit card account and wants to pay my bill they're more than welcome to.

WilliamM2 · Jul 7, 2024

Red Squirrel said:
Then there's my credit card, they changed their site and the new login form doesn't allow to paste passwords. So dumb. I went with something a bit easier to type and have the browser remember it now, so it's not exactly the most secure thing, but if someone hacks my credit card account and wants to pay my bill they're more than welcome to.

You don't have to paste in passwords.
KeepPass has an auto type feature that gets around that easily. I'm sure other managers do as well.

I use as complicated a password as the site will allow. Except forums.

WilliamM2 · Jul 7, 2024

So they have a huge list of passwords, the article doesn't mention if they also got usernames. Kinda need both.

lxskllr · Jul 7, 2024

WilliamM2 said:
So they have a huge list of passwords, the article doesn't mention if they also got usernames. Kinda need both.

That was implied I think. If you stole a password, I'm sure it was sitting there with the username, and organized by site by the thieves.

Red Squirrel · Jul 7, 2024

WilliamM2 said:
You don't have to paste in passwords.
KeepPass has an auto type feature that gets around that easily. I'm sure other managers do as well.

I use as complicated a password as the site will allow. Except forums.

I wrote my own web based password manager since I wanted it to be hosted on a server I control and not rely on any specific device, browser, or computer, and be part of the backup routine. By nature it does mean I need to copy/paste though.

darkswordsman17 · Jul 7, 2024

SKORPI0 said:
My 15 character(letters, numbers and symbols) password is randomly generated, what's the chances of it being in that list?
Some sites send a 5-6 code to my phone to verify its actually me.

Doesn't matter if the password database gets cracked. And in many instances it doesn't even need that (there's still "hacks" where they find passwords stored in unencrypted text files). All that nonsense did is stop brute force attacks, which aren't even the main way passwords are being pilfered now, so all that headache for nothing since people can't remember their passwords so they have to rely on multiple other means.

Also, with many modern systems forcing 2 factor authentication, they can't access your account just because they have the login info. But, other attacks, like SIM swapping is becoming more prevalent and there's not a damn thing you can do about that since it happens outside your control.

Also, this is shit that AI is going to far outstrip our abilities to defend against, and none of the AI occultist dumbfucks even considered that for a second. The host of one of the podcasts I listen to (Behind the Bastards) asked Google and OpenAI people at a tech symposium after they tried claiming that their AI stuff was gonna protect us from all these attacks. They didn't like when asked how many of the attacks are because of their AI in the first place, nor could they even answer it. Its all fucking bullshit. And they'll use AI to do social attacks (aka, they'll mimic your voice when calling in to get access or the like).

More passwords posted from the security breaches. Up now to 9.9 Billion PWs

esquared

Forum Director & Omnipotent Overlord

Fenixgoon

Lifer

Red Squirrel

No Lifer

snoopy7548

Diamond Member

SKORPI0

Lifer

GodisanAtheist

Diamond Member

Red Squirrel

No Lifer

WilliamM2

Platinum Member

WilliamM2

Platinum Member

lxskllr

No Lifer

Red Squirrel

No Lifer

darkswordsman17

Lifer

TRENDING THREADS