A gigantic trove of passwords has been released by bad actors, and there's a chance that yours is...

A gigantic trove of passwords has been released by bad actors, and there's a chance that yours is on there.⁠
⁠
According to Troy Hunt, the man behind the breach notification site "Have I Been Pwned" — which allows users to look up your email and see if and where your passwords and other user information have been compromised — it's one of the largest collections of breached data he's ever seen appear online.⁠
⁠
The cache of files, dubbed "Naz.API," contains more than 71 million email addresses and 100 million passwords. Thus far, more than 400,000 Have I Been Pwned (HIBP) subscribers have been impacted.⁠
⁠
The researcher said in his blog post that more than 65 percent of the email addresses in the breach had already been seen before in other HIBP datasets. This suggests, Hunt explained, that although a majority of the stolen data has already been floating around, over a third of it appears to be newly harvested.⁠
⁠
"When a third of the email addresses have never been seen before, that's statistically significant," he wrote. "This isn't just the usual collection of repurposed lists wrapped up
with a brand-new bow on it and passed off as the next big thing; it's a significant volume of new data."⁠
⁠

SOURCE ARTICLE: futurism.com/the-byte/giant-password-data-breach

Alphabet ought to send out mandatory password change requests to all of its users on a monthly basis.Their multi factor is pretty good as is their authenticator plus log in alerts if new devices are detected trying to log in so I wonder, if a user is on Gmail, how could they be accessing accounts other than brute force attacks?

Alphabet ought to send out mandatory password change requests to all of its users on a monthly basis.Their multi factor is pretty good as is their authenticator plus log in alerts if new devices are detected trying to log in so I wonder, if a user is on Gmail, how could they be accessing accounts other than brute force attacks?