Data Leak Exposes 149M Logins, Including Gmail, Facebook

https://www.techrepublic.com/article/news-149-million-passwords-exposed-infostealer-database/

97•saikatsg•1w ago

Comments

treelover•1w ago

Time to change our passwords

charcircuit•1w ago

Is this even new? Or is this the same bunch of stealer logs that has been floating around repackaged? This 149M is meaningless without removing the already seen entries and getting rid of duplicates.

OptionOfT•1w ago

This is a great question. I saw this and first thing I thought was:

Am I a part of this?

If this is a collection of stealer logs, no, but if it is Google & Facebook that have been hacked / had data leaked, then yes.

So far I've not heard anything from either, so I'm gonna assume that it didn't happen through those services until I hear otherwise.

KaiserPro•1w ago

and Is this on haveibeenpwnd yet?

sandworm101•1w ago

IMHO, any password shared with google and/or Facebook is instantly "leaked". I trust them less with my passwords than I do randos.

nurettin•1w ago

Reminds me of old IRC where you would trick a noob into revealing their password, then kick them out a bunch until they changed it. Channel would have a good laugh.

pickleRick243•1w ago

I don't understand, why do you say this? I would think that google's security is very solid, and am not aware of them ever being hacked to gain access to user accounts/passwords. Are you saying they're deliberately leaking user passwords to 3rd parties?

sandworm101•1w ago

It isn't that they leak to others. I DWAN not like them knowing my passwords, even if they are necessary. I'd rather not have to deal with them.

orion7•1w ago

Companies trust them with their passwords and intellectual property and remain in business. It's insane to me too, but that's the world we actually live in

rvz•1w ago

I have just heard celebrations from millions of AI agents living in data centers cheering on yet another data leak full of unique login data ready to train on.

Now these AI agents are going to use this to get to know about us humans even more.

bahmboo•1w ago

This is aggregated data from info stealers not from compromising Google or FB systems.

tamimio•1w ago

It should be a standard practice to have a unique email and password for every service you use out there, plus the usual like 2FA. I have been doing this for years and never had any issue, but also you can tell if the service got compromised even if they never announced it. For example, I have an account on a service called Shakepay, and recently I have been getting a lot of phishing attempts on that specific unique email that's never been used anywhere else. I can tell for certain that their email database got leaked/they sold it.

accrual•1w ago

How do you manage having potentially many different email accounts?

jorts•1w ago

Just adding plus signs and the vendor name in the address would do it.

mmasu•1w ago

isn’t this easy for a potential attacker to mitigate, i.e. dropping from the address everything after the plus? it’s a known trick for gmail so i would not be surprised if an attacker knew how to get to the “real” address by cleaning it up.

tamimio•1w ago

Yes, even some attackers I noticed they excluded all custom domains from their dumps to avoid alerting individuals before they sell it. It’s why it’s better to have a fully unique email, preferably masked one (not custom domains) as some email services provider do, so you get the isolation feature but also blending in without going noticed by attackers.

tamimio•1w ago

A lot of email services that provide the aliasing feature have seamless integration with password managers, so when you sign up you generate a unique email and password on the fly, and it get saved in the manager.

lunar_rover•1w ago

Outlook supports having multiple arbitrary email addresses as well as allowing login from only one of them.

Saris•1w ago

It's only 1 email account but with either catch-all or aliases configured.

zero-sharp•1w ago

So I just searched my email on HIBP again. Most of the leaks I see there were from old websites I hardly cared about securing from many years ago. But, in general, how do I find out what has actually been leaked (if it's not website specific)?

I'm not going to change all of my passwords every time a random website that I used briefly ten years ago leaks my low effort password.

LeifCarrotson•1w ago

You shouldn't have to change any passwords on other sites because you shouldn't be reusing passwords.

consp•1w ago

I use separate emails for all accounts and that get's me in trouble when companies "consolidate" accounts because "everyone uses the same email for all accounts". Your good idea might be true, practice is not.

I've had this twice now in one year ...

usea•1w ago

The parent was talking about different passwords, not different emails. But I'm curious, what does it mean for a company to consolidate accounts? How would that be done to your separate accounts automatically, and what trouble does it cause? And what is the normal case where people have multiple accounts all with the same email?

I just don't understand the circumstance you're describing.

Saris•1w ago

Each site should ideally have a unique password so you only need to change that one.

conartist6•1w ago

Exactly! Then you write each password down in your notebook of passwords and pat yourself on the back for how hard it would be to compromise all your accounts in one go ;)

Saris•1w ago

Well hopefully you're using something with client side encryption and not a plain text notebook!

edgineer•1w ago

There are sites for searching for your (or anyone else's) publicly revealed information, but the one free one I knew of was forced offline.

Downloading the datasets--there are so many with so few options to obtain them. The mega-compilations likely won't include everything, either, like your license plate numbers or all your compromised addresses, nor the site from which hackers stole it.

So basically don't bother. If you want the same experience, open up notepad, HIBP, and your password manager, and make a little doxx file on yourself, in CSV or JSON.

Show HN: Mirror Parliament where users vote on top of politicians and draft laws

Ask HN: Opus 4.6 ignoring instructions, how to use 4.5 in Claude Code instead?

We Mourn Our Craft

Jim Fan calls pixels the ultimate motor controller

Exploring a Modern SMTPE 2110 Broadcast Truck with My Dad

AI UX Playground: Real-world examples of AI interaction design

The Field Guide to Design Futures

The Other Leverage in Software and AI

AUR malware scanner written in Rust

Free FFmpeg API [video]

Are AI agents ready for the workplace? A new benchmark raises doubts

Show HN: AI Watermark and Stego Scanner

Clarity vs. complexity: the invisible work of subtraction

Solid-State Freezer Needs No Refrigerants

Ask HN: Will LLMs/AI Decrease Human Intelligence and Make Expertise a Commodity?

From Zero to Hero: A Brief Introduction to Spring Boot

NSA detected phone call between foreign intelligence and person close to Trump

How to Fake a Robotics Result

It's time for the world to boycott the US

Show HN: Semantic Search for terminal commands in the Browser (No Back end)

The AI CEO Experiment

Speed up responses with fast mode

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Epstein took a photo of his 2015 dinner with Zuckerberg and Musk

MyFlames: View MySQL execution plans as interactive FlameGraphs and BarCharts

Show HN: LLM of Babel

A modern iperf3 alternative with a live TUI, multi-client server, QUIC support

Famfamfam Silk icons – also with CSS spritesheet

Apple is the only Big Tech company whose capex declined last quarter

Show HN: Mirror Parliament where users vote on top of politicians and draft laws

Ask HN: Opus 4.6 ignoring instructions, how to use 4.5 in Claude Code instead?

We Mourn Our Craft

Jim Fan calls pixels the ultimate motor controller

Exploring a Modern SMTPE 2110 Broadcast Truck with My Dad

AI UX Playground: Real-world examples of AI interaction design

The Field Guide to Design Futures

The Other Leverage in Software and AI

AUR malware scanner written in Rust

Free FFmpeg API [video]

Are AI agents ready for the workplace? A new benchmark raises doubts

Show HN: AI Watermark and Stego Scanner

Clarity vs. complexity: the invisible work of subtraction

Solid-State Freezer Needs No Refrigerants

Ask HN: Will LLMs/AI Decrease Human Intelligence and Make Expertise a Commodity?

From Zero to Hero: A Brief Introduction to Spring Boot

NSA detected phone call between foreign intelligence and person close to Trump

How to Fake a Robotics Result

It's time for the world to boycott the US

Show HN: Semantic Search for terminal commands in the Browser (No Back end)

The AI CEO Experiment

Speed up responses with fast mode

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Epstein took a photo of his 2015 dinner with Zuckerberg and Musk

MyFlames: View MySQL execution plans as interactive FlameGraphs and BarCharts

Show HN: LLM of Babel

A modern iperf3 alternative with a live TUI, multi-client server, QUIC support

Famfamfam Silk icons – also with CSS spritesheet

Apple is the only Big Tech company whose capex declined last quarter

Data Leak Exposes 149M Logins, Including Gmail, Facebook

Comments