Stories
Slash Boxes
Comments

SoylentNews is people

Hackers Sharing 2.2 Billion Record Mega-Credential Dump

posted by mrpg on Tuesday February 05 2019, @05:21AM   Printer-friendly
from the ****** dept.

RandomFactor writes:

Wired has an article up on hackers serving up stolen credentials in an all you can eat buffet.

WHEN HACKERS BREACHED companies like Dropbox and LinkedIn in recent years—stealing 71 million and 117 million passwords, respectively—they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more into a gargantuan, unprecedented collection of 2.2 billion unique usernames and associated passwords and is freely distributing them on hacker forums and torrents, throwing out the private data of a significant fraction of humanity like last year's phone book.

In a bit of libre philosophy remeniscent of 'data wants to be free' Chris Rouland, a cybersecurity researcher opines on the megadump

"It's entropy. When the data is out there, it’s going to leak."

Random Reminder - Password managers such as Password Safe and the always cheerful site for checking if your credentials are already pwned https://haveibeenpwned.com/ are your friends. Might be worth an update check on your email addresses (as of 1/30 the new dump was not fully reflected in haveibeenpwned results, but that has likely been remedied by now.)

Original Submission

 
This discussion has been archived. No new comments can be posted.
Hackers Sharing 2.2 Billion Record Mega-Credential Dump | Log In/Create an Account | Top | 6 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0, Troll) by aristarchus on Tuesday February 05 2019, @07:14AM (1 child)

    by aristarchus (2645) on Tuesday February 05 2019, @07:14AM (#796542) Journal

    My username and password, that lead the nefarious dark-webber to my horde of aristarchus submissions on SoylentNews? Should be able to sell those for beau-coup bucks on the internets! I mean, according to some website I have visited, an aristarchus submission getting over a hundred comments, and over 1K views, is worth $2.50 to Google Doubleclit Adsensorium, if the SN was doing stuff like that. So who, besides Runaway, puts personally identifiable stuff on the internets? My bank knows who I am, because I show them my face, and the currency in real-time reality. Now, if I had some bit-coin, and my name was Donald, all that would change.

    Starting Score:    1  point
    Moderation   -2  
       Offtopic=1, Troll=1, Total=2
    Extra 'Troll' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   0  

  • (Score: 2, Funny) by Anonymous Coward on Tuesday February 05 2019, @11:38AM

    by Anonymous Coward on Tuesday February 05 2019, @11:38AM (#796610)

    So you run the fake donald trump account! BUSTED!!!!