The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.
Do the people that release these get paid somehow? Or do they just do it for hacker cred and say fuck these 2.6M people?
RanchOnPancakes@lemmy.world 1 year ago
Oh no. Now they know the aliased email address, unique password, and that I didn’t try very hard to learn spanish.
(please note: this is a joke, I don’t see anything about them getting passwords)
stevedidWHAT@lemmy.world 1 year ago
Something to note here - with AI, if you’re using any sort of heuristic for your password, it’s pretty simple to work out a pretty good set of possibilities which makes brute force even easier and puts you at risk across the board.
Always come up with random passwords that are as random as possible. If there’s a path you took to get to a password, in theory it can be worked backward.
For example I know some people who only change a single letter when changing their passwords which is ultimately trivial to guess if the old password was compromised (hence the need to change the password or the need to proactively work against this possibility)
lobut@lemmy.ca 1 year ago
I use a heuristic to update my main passwords. It’s not a character but easily guessable if you see it in plaintext and now you’ve made me facepalm my actions.
I only use that for certain things because I use Google Oauth or Bitwarden for most things and you’ve just woken me up about what could be exposed.
Tyler_Zoro@ttrpg.network 1 year ago