by gnabgib on 6/20/2025, 7:37:46 PM
by airstrike on 6/20/2025, 7:02:19 PM
> According to a report published this week, Cybernews researchers have recently discovered 30 exposed datasets that each contain a vast amount of login information — amounting to a total of 16 billion compromised credentials. That includes user passwords for a range of popular platforms including Google, Facebook and Apple.
Can someone more knowledgeable than me explain how my passwords could have been leaked from Google or Apple? Or is this just bad reporting?
It is my understanding that neither Google nor Apple have my passwords stored, and any password service they have like the iCloud keychain would presumably be encrypted. What am I missing?
by temp0826 on 6/20/2025, 6:56:11 PM
Will this make its way to haveibeenpwned or other services?
by junon on 6/20/2025, 6:09:53 PM
> Sixteen billion is roughly double the amount of people on Earth today, signaling that impacted consumers may have had credentials for more than one account leaked
Interesting use of "may have" as that would imply, mathematically speaking, that there are people who were impacted at least twice...
by krupan on 6/20/2025, 7:29:40 PM
Can we be done with passwords yet? I see far too many sites offering a passkey option
by jmward01 on 6/20/2025, 8:04:13 PM
Our digital identities have become more valuable than most physical property but I still don't see society taking it seriously. People like my grandmother constantly shedding information to any pop-up that comes her way. Our governments not prioritizing this threat as a true top priority and properly funding it and taking action on it. (911 for digital crime maybe?) People not seeing others and properly shaming them and turning them in for digital crime like we would do if we saw property crime, etc etc. The scale of something like this is absurd, even if it is a lot of re-packaged data. The amount of time people will be dealing with the fall-out from just this one incident can likely be measured in thousands of people years. Or, put another way, this is on par with the impact of mass murder in terms of lives altered. As a society we really need to make changes in our laws and behavior to really internalize how massive a problem this is before we can even start to address it.
by DidYaWipe on 6/20/2025, 6:38:38 PM
This is a good reminder that forcing people to use an E-mail address as a user ID is a stupid and dangerous policy.
Voted down by amateurs who set their Web apps up this way. Killing the messenger won't secure your users' credentials.
by DyslexicAtheist on 6/20/2025, 7:08:32 PM
the article mentioned passkeys as a solution but imho is only a path towards vendor lock-in.
Like, "we solve your security issue provided you do business only with us".
That is neither "antifragile" nor resilient. It's just hype.
by r33b33 on 6/20/2025, 6:09:09 PM
2FA makes this a non-issue, no? You will get a notification if someone failed to log in.
Dubious origin, lots of other copies:
(17 points) https://news.ycombinator.com/item?id=44316114
(30 points, 3 comments) https://news.ycombinator.com/item?id=44318192
(12 points, 4 comments) https://news.ycombinator.com/item?id=44320243
(26 points, 15 comments) https://news.ycombinator.com/item?id=44321381
(9 points, 2 comments) https://news.ycombinator.com/item?id=44322204
(11 points, 2 comments) https://news.ycombinator.com/item?id=44322288
(10 points, 3 comments) https://news.ycombinator.com/item?id=44322588
(10 points, 2 comments) https://news.ycombinator.com/item?id=44328038