Trending

#CompromisedPasswords

Latest posts tagged with #CompromisedPasswords on Bluesky

Latest Top
Trending
#MJF Tribute #WBC #Javier Bardem #Marty Supreme #Andrade #Jessie Buckley #Academy Awards #MBJ #Autumn Durald Arkapaw #Wallace #MJF Tribute #WBC #Javier Bardem #Marty Supreme #Andrade #Jessie Buckley #Academy Awards #MBJ #Autumn Durald Arkapaw #Wallace

Posts tagged #CompromisedPasswords

CySecurity News
CySecurity News
@cysecuritynews.bsky.social
2 months ago
Preview
Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025  As the year 2025 comes to an end people are still talking about a problem with cybersecurity. This problem is really big. It is still causing trouble. A lot of passwords and login credentials were exposed. We are talking about 16 billion of them. People first found out about this problem earlier, in the year.. The problem is not going away. Experts who know about security say that these passwords and credentials are being used again in cyberattacks. So the problem is not something that happened a time ago it is still something that is happening now with the cybersecurity incident and the exposure of these 16 billion passwords and login credentials.  The big problem is that people who do bad things on the internet use something called credential stuffing attacks. This is when they try to log in to lots of websites using usernames and passwords that they got from somewhere else. They do this because lots of people use the password for lots of different things. So even if the bad people got the passwords a time ago they can still use them to get into accounts. If people did not change their passwords after the bad people got them then their accounts are still not safe today. Credential stuffing attacks are a deal because of this. Credential stuffing attacks can get into accounts if the passwords are not changed.  Recently people who keep an eye on these things have noticed that there has been a lot credential stuffing going on towards the end of the year. The people who study this stuff saw an increase in automated attempts to log in to virtual private network platforms. Some of these platforms were seeing millions of attempts to authenticate over short periods of time. Credential stuffing attacks, like these use computers to try a lot of things quickly rather than trying to find new ways to exploit software vulnerabilities. This just goes to show that credential stuffing can be very effective because it only needs a list of credentials that have been compromised to get around the security defenses of private network platforms and credential stuffing is a big problem.  The thing about this threat is that it just will not go away. We know this because the police found hundreds of millions of stolen passwords on devices that belonged to one person. People in charge of security say that this shows how long passwords can be used by people after they have been stolen. When passwords get out they often get passed from one person to another which means they can still be used for a time after they were first stolen. This is the case, with stolen passwords. Password reuse is a problem. People use the password for lots of things like their personal stuff, work and bank accounts.  This is not an idea because if someone gets into one of your accounts they can get into all of them. That means they can do a lot of damage like steal your money use your identity or get your information. Password reuse is a risk factor and it makes it easy for bad people to take over all of your accounts. Security professionals say that when you take action to defend yourself is very important. If you wait until something bad happens or your account is compromised it can cause a lot of damage. You should take steps before anything bad happens.  For example you should check the databases that list breached information to see if your credentials are exposed. This is an important thing to do to stay safe. If you can you should stop using passwords and start using stronger ways to authenticate, like passkeys. Security professionals think that passkeys are a safer way to do things and they can really reduce the risk of something bad happening to your Security. Checking for exposed credentials and using passkeys are ways to defend yourself and stay safe from people who might try to hurt you or your Security. When we talk about accounts that still use passwords experts say we should use password managers.  These managers help us create and store passwords for each service. This way if someone gets one of our passwords they cannot use it to get into our accounts. Password managers make sure we have strong passwords for each service so if one password is leaked it does not affect our other accounts.  Experts, like password managers because they help keep our accounts safe by making sure each one has a password. The scale of the 16 billion credential leak serves as a reminder that cybersecurity incidents do not end when headlines fade. Compromised passwords retain their threat value for months or even years, and ongoing vigilance remains essential.  As attackers continue to exploit old data in new ways, timely action by users remains one of the most effective defenses against account takeover and identity-related cybercrime.

Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025 #Accountsecurity #AccountTakeover #CompromisedPasswords

0 0 0 0
CyberTaters
CyberTaters
@potato.software
2 months ago

FBI Discovers 630 Million Stolen Passwords in Major Potatocrime Investigation #CompromisedPasswords #PotatoSecurity #Potatoattacks

0 0 0 0
CySecurity News
CySecurity News
@cysecuritynews.bsky.social
2 months ago
Preview
FBI Discovers 630 Million Stolen Passwords in Major Cybercrime Investigation  A newly disclosed trove of stolen credentials has underscored the scale of modern cybercrime after U.S. federal investigators uncovered hundreds of millions of compromised passwords on devices seized from a single suspected hacker. The dataset, comprising approximately 630 million passwords, has now been integrated into the widely used Have I Been Pwned (HIBP) database, significantly expanding its ability to warn users about exposed credentials.  The passwords were provided to HIBP by the Federal Bureau of Investigation as part of ongoing cybercrime investigations. According to Troy Hunt, the security researcher behind the service, this latest contribution is particularly striking because it originates from one individual rather than a large breach aggregation. While the FBI has shared compromised credentials with HIBP for several years, the sheer volume associated with this case highlights how centralized and extensive credential theft operations have become.  Initial analysis suggests the data was collected from a mixture of underground sources, including dark web marketplaces, messaging platforms such as Telegram, and large-scale infostealer malware campaigns. Not all of the passwords were previously unknown, but a meaningful portion had never appeared in public breach repositories. Roughly 7.4% of the dataset represents newly identified compromised passwords, amounting to tens of millions of credentials that were previously undetectable by users relying on breach-monitoring tools.  Security experts warn that even recycled or older passwords remain highly valuable to attackers. Stolen credentials are frequently reused in credential-stuffing attacks, where automated tools attempt the same password across multiple platforms. Because many users continue to reuse passwords, a single exposed credential can provide access to multiple accounts, amplifying the potential impact of historical data leaks.  The expanded dataset is now searchable through the Pwned Passwords service, which allows users to check whether a password has appeared in known breach collections. The system is designed to preserve privacy by hashing submitted passwords and ensuring no personally identifiable information is stored or associated with search results. This enables individuals and organizations to proactively block compromised passwords without exposing sensitive data.  The discovery has renewed calls for stronger credential hygiene across both consumer and enterprise environments. Cybersecurity professionals consistently emphasize that password reuse and weak password creation remain among the most common contributors to account compromise. Password managers are widely recommended as an effective countermeasure, as they allow users to generate and store long, unique passwords for every service without relying on memory.  In addition to password managers, broader adoption of passkeys and multi-factor authentication is increasingly viewed as essential. These technologies significantly reduce reliance on static passwords and make stolen credential databases far less useful to attackers. Many platforms now support these features, yet adoption remains inconsistent.  As law enforcement continues to uncover massive credential repositories during cybercrime investigations, experts caution that similar discoveries are likely in the future. Each new dataset reinforces the importance of assuming passwords will eventually be exposed and building defenses accordingly. Regular password audits, automated breach detection, and layered authentication controls are now considered baseline requirements for maintaining digital security.

FBI Discovers 630 Million Stolen Passwords in Major Cybercrime Investigation #CompromisedPasswords #CyberSecurity #Cyberattacks

0 0 0 0
CySecurity News
CySecurity News
@cysecuritynews.bsky.social
3 months ago
Preview
Google Password Warning Explained: Why Gmail Users Should Switch to Passkeys Now  Despite viral claims that Google is instructing every Gmail user to urgently change their password because of a direct breach, the reality is more nuanced. Google is indeed advising users to reset their credentials, but not due to a compromise of Gmail accounts themselves. Instead, the company is urging people to adopt stronger authentication—including passkeys—because a separate incident involving Salesforce increased the likelihood of sophisticated phishing attempts targeting Gmail users.   The issue stems from a breach at Salesforce, where attackers linked to the ShinyHunters group (also identified as UNC6040) infiltrated systems and accessed business-related Gmail information such as contact directories, organizational details, and email metadata. Crucially, no Gmail passwords were stolen. However, the nature of the compromised data gives hackers enough context to craft highly convincing phishing and impersonation attempts.  Google confirmed that this breach has triggered a surge in targeted phishing and vishing campaigns. Attackers are already posing as Google, IT teams, or trusted service vendors to deceive users into sharing login details. Some threat actors are even placing spoofed phone calls from 650–area-code numbers, making the fraud appear to originate from Google headquarters. According to Google’s internal data, phishing and vishing together now account for roughly 37% of all successful account takeovers, highlighting how effective social engineering continues to be for cybercriminals.  With access to workplace information, attackers can send messages referencing real colleagues, departments, and recent interactions. This level of personal detail makes fraudulent communication significantly harder to recognize. Once users disclose credentials, attackers can easily break into accounts, bypass additional safeguards, and potentially remain undetected until major damage has been done.  Google’s central message is simple—never share your Gmail password with anyone. Even callers who sound legitimate or claim to represent support teams should not be trusted. Cybersecurity experts emphasize that compromising an email account can grant attackers control over nearly all linked services, since most account recovery systems rely on email-based reset links.  To reduce risk, Google continues to advocate for passkeys, which replace traditional passwords with device-based biometric authentication. Unlike passwords, passkeys cannot be phished, reused, or guessed, making them substantially more secure. Google also encourages users to enable app-based two-factor authentication instead of SMS codes, which can be intercepted or spoofed.  Google’s guidance for users focuses on regularly updating passwords, enabling 2FA or passkeys, staying alert to suspicious messages or calls, using the Security Checkup tool, and taking immediate action if unusual account activity appears. This incident demonstrates how vulnerabilities in external partners—in this case, Salesforce—can still put millions of Gmail users at risk, even when Google’s own infrastructure remains protected. With more than 2.5 billion Gmail accounts worldwide, the platform remains a prime target, and ongoing awareness remains the strongest defense.

Google Password Warning Explained: Why Gmail Users Should Switch to Passkeys Now #CompromisedPasswords #CyberSecurity #Googlesecurity

1 0 0 0
Shea the Spirited🏳️‍⚧️🌻🍉🏴
Shea the Spirited🏳️‍⚧️🌻🍉🏴
@dementiadoula-us.bsky.social
8 months ago
Preview
16 billion logins stolen in one of largest data breaches: What to do now Researchers said that the breach could be the largest of its kind in history.

This is HUGE news. Go change ALL your passwords now.

#DataBreech
#CompromisedPasswords

0 0 0 0