Skip to main content

A gigantic trove of passwords has been released by bad actors, and there's a chance that yours is...

10 months 4 weeks ago #167 by PABlo
A gigantic trove of passwords has been released by bad actors, and there's a chance that yours is on there.⁠

According to Troy Hunt, the man behind the breach notification site "Have I Been Pwned" — which allows users to look up your email and see if and where your passwords and other user information have been compromised — it's one of the largest collections of breached data he's ever seen appear online.⁠

The cache of files, dubbed "Naz.API," contains more than 71 million email addresses and 100 million passwords. Thus far, more than 400,000 Have I Been Pwned (HIBP) subscribers have been impacted.⁠

The researcher said in his blog post that more than 65 percent of the email addresses in the breach had already been seen before in other HIBP datasets. This suggests, Hunt explained, that although a majority of the stolen data has already been floating around, over a third of it appears to be newly harvested.⁠

"When a third of the email addresses have never been seen before, that's statistically significant," he wrote. "This isn't just the usual collection of repurposed lists wrapped up
with a brand-new bow on it and passed off as the next big thing; it's a significant volume of new data."⁠

  • Administrator
  • Administrator

  • Posts: 157
  • Thank you received: 6

  • Gender: Unknown
  • Birthdate: Unknown
  • Please Log in to join the conversation.

    10 months 4 weeks ago #168 by PABlo

  • Administrator
  • Administrator

  • Posts: 157
  • Thank you received: 6

  • Gender: Unknown
  • Birthdate: Unknown
  • Please Log in to join the conversation.

    10 months 4 weeks ago #169 by Brian Brennan
    Alphabet ought to send out mandatory password change requests to all of its users on a monthly basis.Their multi factor is pretty good as is their authenticator plus log in alerts if new devices are detected trying to log in so I wonder, if a user is on Gmail, how could they be accessing accounts other than brute force attacks?

  • Administrator
  • Administrator

  • Posts: 2
  • Thank you received:

  • Gender: Unknown
  • Birthdate: Unknown
  • Please Log in to join the conversation.

    10 months 4 weeks ago #170 by Brian Brennan
    Alphabet ought to send out mandatory password change requests to all of its users on a monthly basis.Their multi factor is pretty good as is their authenticator plus log in alerts if new devices are detected trying to log in so I wonder, if a user is on Gmail, how could they be accessing accounts other than brute force attacks?

  • Administrator
  • Administrator

  • Posts: 2
  • Thank you received:

  • Gender: Unknown
  • Birthdate: Unknown
  • Please Log in to join the conversation.

    Powered by Kunena Forum