Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now

⁨179⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨shish_mish@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://www.forbes.com/sites/daveywinder/2025/06/18/16-billion-apple-facebook-google-passwords-leaked---change-yours-now/

source

Comments

Sort:hotnewtop
  • Boddhisatva@lemmy.world ⁨21⁩ ⁨hours⁩ ago

    Aaaah! Act now! Hurry! Change ALL your passwords! Your password was stolen by malware on your device so change it now… on your device… that still has malware… Wait a minute. Shouldn’t this article at least suggest removing the malware first?

    source
  • atrielienz@lemmy.world ⁨20⁩ ⁨hours⁩ ago

    I need more information. How is the malware being distributed to these devices? How can we check if our credentials are in this dump? Shouldn’t the respective platforms be doing due diligence to notify those effected and asking them to change their passwords?

    I feel it may be fairly likely that this inforstealer Malware is the type distributed by dubious apps the play store and similar have had to take down but aren’t actively notifying users who installed them. Is it predominantly phones that are effected or is this malware PC based? Changing your passwords is important but sounding the alarm with no actual information is just… Ill advised. It’s fear mongering.

    source
  • drspod@lemmy.ml ⁨23⁩ ⁨hours⁩ ago

    If your credentials are in an infostealer dump then you need to make sure that you’ve removed the malware from your device(s) before changing your passwords. Otherwise your new passwords will be sent straight to the same people who got them the first time.

    source
    • Yeldarb12@toast.ooo ⁨23⁩ ⁨hours⁩ ago

      In your opinion, what’s the best way to find and remove malware for the average user?

      I currently use Malwarebytes and windows defender. I’m wondering if this is enough or should I change something?

      source
      • drspod@lemmy.ml ⁨22⁩ ⁨hours⁩ ago

        I wouldn’t rely on software running on the (potentially infected) system, since all malware these days will attempt to turn off or evade antivirus tools.

        If you believe your device is compromised then you should wipe it and reinstall the OS. You should also delete any executable files on external media (secondary drives etc.) that may have been infected (eg. any setup.exe programs or portable exes), or at the very least verify the cryptographic hashes of those files if possible.

        If you want to know if your credentials appear in a breach then search on Have I Been Pwned?. If it says your password appeared in an “infostealer dump” then you know that it was stolen directly from your device and you need to wipe it. If it was just the website that was breached then it wasn’t you personally that was hacked and you should just change your password.

        source
      • BlameTheAntifa@lemmy.world ⁨8⁩ ⁨hours⁩ ago

        Windows Defender is absolutely useless and Malwarebytes is only slightly better. I’d recommend Bitdefender, and make sure it’s installed on a freshly erased computer. Digital security is an arms race and the bad guys are winning.

        source
  • Brewchin@lemmy.world ⁨16⁩ ⁨hours⁩ ago

    Reads more like an advertorial. Low on detail, high on “passkeys are the future”, and plenty of typos.

    source
  • sj_zero ⁨1⁩ ⁨day⁩ ago

    “This is not just a leak – it’s a blueprint for mass exploitation,” the researchers said.

    Are the researchers chatgpt? Because that looks almost word for word how chatgpt would write something like that, right down to the em-dash.

    • wioum@lemmy.world ⁨23⁩ ⁨hours⁩ ago

      Man, I love my em-dashes, but now im a bot for using it 😭

      source
      • saltesc@lemmy.world ⁨22⁩ ⁨hours⁩ ago

        Yeah, same. Long-time user of an em-dash—love a cheeky en-dash in my ranges too. But now LLMs are using them all the time, out of context, and with spaces on either side.

        Is nothing safe?! Next it’ll be semicolons!

        source
        • -> View More Comments
      • sj_zero ⁨10⁩ ⁨hours⁩ ago

        I think you'd probably be ok with using em-dashes (I typically use en-dashes myself but I'm lazy), but don't use cliche phrases like "It's not [x] -- it's [reframed x]"

      • TORFdot0@lemmy.world ⁨21⁩ ⁨hours⁩ ago

        It’s probably your fault, you loved em dashes too much that AI started using them after stealing all your content

        source
        • -> View More Comments
    • dual_sport_dork@lemmy.world ⁨22⁩ ⁨hours⁩ ago

      If it is, their stupid model forgot a “more” in this passage:

      Password compromise is no joke; it leads to account compromise and that leads to, well, the compromise of most everything you hold dear in this technological-centric world we live in. It’s why Google is telling billions of users to replace their passwords with much secure passkeys.

      (Wow, much secure. Very password.)

      source
      • TORFdot0@lemmy.world ⁨21⁩ ⁨hours⁩ ago

        This passage reads 100% like AI wrote. Right down to the over used turns of phrase that AI inserts into every output to the prompts you give it

        source
    • seven_phone@lemmy.world ⁨23⁩ ⁨hours⁩ ago

      Whenever I read any sort of AI response all I can hear is ‘All your bases are belong to me’.

      source
      • Xanthobilly@lemmy.world ⁨23⁩ ⁨hours⁩ ago

        Image

        source
        • -> View More Comments
    • PushButton@lemmy.world ⁨22⁩ ⁨hours⁩ ago

      What does the article say more than the title?

      Nothing, each paragraph is a remash of the previous saying nothing more than the title.

      That’s AI filling up a white page with words.

      source
  • A_norny_mousse@feddit.org ⁨22⁩ ⁨hours⁩ ago

    I couldn’t find in the article a list of all platforms affected, only this:

    billions of login credentials from social media, VPNs, developer portals and user accounts for all the major vendors.

    Since I don’t use the big three, I’d be really interested to see a list, before I go through every online account I ever created with a throwaway email.

    source
    • drspod@lemmy.ml ⁨22⁩ ⁨hours⁩ ago

      This article is about credentials that are stolen directly from users’ devices that are compromised with malware. So they will be that user’s passwords for whatever services they were using while infected with the malware. This is why the dumps contain passwords for just about every online service that exists.

      This isn’t an actual database breach of the major providers.

      source
      • A_norny_mousse@feddit.org ⁨22⁩ ⁨hours⁩ ago

        Thanks for clarifying. Still, does this affect every “device” user out there? There must be some sort of explanation here, what’s the attack vector etc. I couldn’t find it even on that Lithuanian guy’s website.

        source
        • -> View More Comments
  • avidamoeba@lemmy.ca ⁨21⁩ ⁨hours⁩ ago

    Is this real? The article gives no concrete details.

    source
  • pelya@lemmy.world ⁨18⁩ ⁨hours⁩ ago

    What’s the total human population again, 8 billion?

    source
    • mic_check_one_two@lemmy.dbzer0.com ⁨4⁩ ⁨hours⁩ ago

      I have like a dozen Gmail accounts, and I know plenty of others who do too. Before I owned my own domain, I used the different accounts for different things.

      source
    • Infinite@lemmy.zip ⁨16⁩ ⁨hours⁩ ago

      I don’t know about you, but I have 2 Apple accounts, 2 Facebook accounts, and like 9 Google accounts. I know I’m above average, but it’s not hard to have 1 of each for normal uses.

      source
  • just_another_person@lemmy.world ⁨23⁩ ⁨hours⁩ ago

    Need a breakdown first before everyone starts freaking out. This sounds like a UUID leak.

    source