16 BILLION PASSWORDS #LEAKED: APPLE, GOOGLE, FB USERS EXPOSED

The largest password leak ever: 16B login #credentials—Apple, Google, FB, GitHub & more—are now circulating.

Sourced from 30+ fresh datasets (not recycled), it includes usernames, passwords, URLs, emails & login sequences.

A blueprint for #phishing & account takeovers at scale.

Act fast. Stay ahead.

Epic 16B login #leak nobody heard about​ | Cybernews

Several collections of login #credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various #infostealers.
#privacy #security #databreach

https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/

Mysterious Database of 184 Million Records Exposes Vast Array of Login #Credentials
A trove of #breach data, which has now been taken down, includes user logins for platforms including Apple, Google, and Meta. Among the exposed accounts are ones linked to dozens of governments.
https://www.wired.com/story/mysterious-database-logins-governments-social-media/
https://archive.ph/ybk1x
#security #ITSec

Mysterious Database of 184 Million Records Exposes Vast Array of #Login #Credentials | WIRED

A trove of #breached data, which has now been taken down, includes user logins for platforms including #Apple , #Google , and #Meta. Among the exposed accounts are ones linked to dozens of governments.
#security #privacy

https://www.wired.com/story/mysterious-database-logins-governments-social-media/

Mysterious Database of 184 Million Records Exposes Vast Array of #Login #Credentials
#pii #security #privacy
https://www.wired.com/story/mysterious-database-logins-governments-social-media/

Can we change our passwords now?!

A huge unsecured credential database discovery is a great reminder to change your passwords

https://www.engadget.com/cybersecurity/a-huge-unsecured-credential-database-discovery-is-a-great-reminder-to-change-your-passwords-210537400.html?src=rss

CISA/DOGE Software Engineer's Login #Credentials Appeared in Multiple #Leaks From Info-Stealing #Malware in Recent Years - Slashdot
#cisa #doge #security

https://yro.slashdot.org/story/25/05/11/0451222/cisadoge-software-engineers-login-credentials-appeared-in-multiple-leaks-from-info-stealing-malware-in-recent-years?utm_source=rss1.0mainlinkanon&utm_medium=feed

Malicious #npm Packages Infect 3,200+ #Cursor Users With #Backdoor, Steal #Credentials

#Cybersecurity researchers have flagged 3 malicious npm packages that are designed to target the Apple #macOS version of Cursor

"Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, & disable auto-updates to maintain persistence,"

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

If you use #Gmail, you need to know about this #phishing attack, as described by Malwarebytes Labs: "Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google ... to persuade people into handing over their Google #account #credentials." https://tinyurl.com/47y6pvus

Who needs #phishing when your login's already in the wild?
Stolen #credentials edge out email tricks for cloud break-ins because they're so easy to get
Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors.
https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/
#itsec #security

Here's a script I wrote to test the *next* #credentials checker module for #swad: "exec"

Thoughts on storing TOTP/MFA codes within your password wallet? Even a cloud-based one.

My org is currently considering 1Password and we're up in arms about this feature. On their side 1Password claim it improves security: https://blog.1password.com/1password-2fa-passwords-codes-together/

I'm interested to know what other teams think

#security #password #credentials #passwordmanager #1password

https://www.europesays.com/1982961/ Nepal’s Ambassador to Belgium Lamsal presents credentials #België #belgien #Belgique #belgium #credentials #Nachrichten #Nieuws #Nouvelles #SewaLamsal

There are lots of #plugins/services that allow you to sync your #browser saved website #credentials across multiple devices; even #sync between ecosystems (chrome/google account <--> Microsoft acc).

But - leaving aside "password sharing is Baaaad" and "probably violates a TOS somewhere" issues - does anyone know of a plugin/service that allows you to share a saved login with a trusted other?

e.g. share an newspaper #subscription account with a partner _without_ a shared google account.

Anyone who is a non-citizen of the US -- important note here from the EFF.

(Not YET an issue for US citizens, but it's likely coming where this administration can apply pressure and/or if legal measures fail to stem these moves. i.e. "present your papers")

https://mastodon.social/@eff/114230331164640659

#PasswordReuse is rampant: nearly half of observed user #logins are compromised
Many users recycle #passwords, creating a ripple effect of risk when #credentials are leaked.
Based on Cloudflare's observed traffic between Sep-Nov 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords.
When including bots 52% of all authentication requests contain leaked passwords found in our 15B record database, including Have I Been Pwned.
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/

Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers tak... https://www.schneier.com/blog/archives/2025/03/trojaned-ai-tool-leads-to-disney-hack.html

The @w3c Federated Identity #WorkingGroup aims to create specs for secure, #privacy friendly, and user-controlled #authentication and credential presentation
https://www.w3.org/groups/wg/fedid/

Their updated charter introduces the Digital Credentials #API, which facilitates user agents in managing access to and presenting digital #credentials, such as a driver's license, government-issued ID, or other forms of digital credentials.

Find out more about this work by @sphcow: https://youtu.be/GI3UTZJ0Ue4

Ah, yes, the timeless art of #B&E, now with a #tech #twist! Our hero, Eric, wields his phone like a magic wand, casting the spell of "#default #credentials" to waltz into #apartment buildings. Who needs a life of crime when you have expired credentials and missed ferry rides? In 2025, breaking and entering is just a casual #Sunday #hobby, right after brunch.
https://www.ericdaigle.ca/posts/breaking-into-dozens-of-apartments-in-five-minutes/ #hacking #HackerNews #ngated

#ElonMusk staff Have #Infiltrated Another #Government Agency - Elon Musk’s former employees are trying to use #WhiteHouse #credentials to access General Services Administration #GSA tech, giving them the potential to remote into #laptops, read #emails, and more, sources say. mass #cybercrime attack against the federal government #infosec this #cybersecurity breach by non government agents is a crime. the damage will be irreparable. https://www.wired.com/story/elon-musk-lackeys-general-services-administration/ see also https://newsie.social/deck/@bespacific/113925143469018542