Your Password Is Probably In This Leak

A collection of supermassive password databases was leaked last week, revealing 16B password credentials. That’s right—two for every person on Earth spanning every app you can think of.

Take Back Our Tech
Take Back Our Tech

A collection of supermassive password databases was leaked last week, revealing 16B password credentials. That’s right—two for every person on Earth spanning every app you can think of.

Cybernews, a security-focused outlet, discovered the leak on the dark web across 30 different datasets.

And it’s not just old data, these are newly gathered accounts that include websites, usernames, passwords, and even login cookies.

Typically, datasets like these are sold for huge sums on the Dark Web. They’re all ready to go for automated account takeovers and identity thefts. Hackers write programs to go through the information row by row and attempt to break into different accounts.

Check out a list of the databases and the number of leaks they have.

Of note are the 60M Telegram accounts in addition to leaks from big tech companies including Apple, Facebook, Google, GitHub, Zoom, and Twitch.

The researchers say that the format matches up with the output of ‘info-stealers,’ which is a popular type of malware that can be deployed on your machine through social engineering—getting you to download something you shouldn’t have or even pretending to be legitimate software.

Once on your machine, it searches through common locations where sensitive information is stored, such as your browser’s password database or sensitive documents. Any sensitive files or accounts are then manually or automatically exfiltrated to the attacker’s machine.

Here’s an example of what that output looks like:

How do you protect yourself? Your biggest risk is visiting a website that has malicious third parties that get you to download an info stealer on your machine. You can better protect yourself with a private browser and browser extensions that block third-party scripts.

For more on how to set up a private browser and these browser extensions, check out Above’s webinar Web Browsing For Privacy Lovers:

https://learn.abovephone.com/course/web-browsing-for-privacy-lovers/

🪧 Follow the TBOT show on Substack
📝 Follow our blog

#TBOT related news:

🧠 Take a deep dive into SIM swapping in our latest Above webinar.

📲 Free Download: 5 Must-Change Privacy Settings on iPhone & Android

🛡️ Get your privacy gear here.

Take Back Our Tech

Lets use technology that doesn't use us.