I got almost that many Gmail addresses from trying to game Reddit’s permabans. They really got it in for me over there, just because I took their commitment to free speech seriously. Turns out they were just kidding.
Haha my man. Make em work for it
google stores passwords unhashed ???
I mean, if you get the hash and salt (which must be stored if present), then getting a very large subset of the passwords from that isn’t too hard.
That ai banner does not inspire trust at all :( The actual content reads well & they link other articles though. Weird.
neither does the something.vercel.app domain
Are we sure someone just didn’t ask Gemini for 48 million Gmail credentials and immediately get them?
I’m holding a grudge because I was arranging a Craiglist sale and when I sent the buyer my phone number to text my account was suddenly disabled for “unusual activity” signing me out of everything. I was able to re-enable it right away, but I’m pretty sure whatever AI-trash system is in place to monitor accounts did it.
Are we sure someone just didn’t ask Gemini for 48 million Gmail credentials and immediately get them?
It looks like they come from infostealers:
It looks like they come from infostealers
I get it, it was Gemini, we can stop repeating ourselves
100k onlyfans can get spicy
Shit, am I on the list?
I think the security researcher didn’t download the data.
But be sure to check out https://haveibeenpwned.com/ to check if your data is in other lists.
This is why we have MFA.
Hey want to play a game? Your bank is gonna text you a number, and I’m going to guess it. Tell me if my guesses need to be higher or lower.
This is why you never enable SMS based MFA. TOTP is well established and just works. If you need even more security FIDO2 devices like YubiKey are a thing.
It would be nice if that was a choice but SMS is unavoidable.
It is avoidable. On this side of the world the only companies and sites that use sms mfa are american companies that are clearly not european based or focused.
Last and only site i would only do sms mfa was gofundme, and they banned me because of fake information so go figure
For the love of God, someone inform Citibank and Chase of this. My dinky little local credit union allows me to use TOTP, but Citi and Chase still only seem to support SMS.
Chase supports push notifications via their app now, so at least they’re moving forward toward something a bit more secure. But yes, I’m so pissed that so many banks use SMS when it’s known to be easily spoofed.
Requiring the use of their own app is only marginally better than not supporting it at all. I try to minimize the number of apps pn my phone, and banking apps are prime examples of a use case that can be completely fulfilled in a browser. Even if I used the app, I would prefer to be prompted for non-biomotric MFA each time I sign in anyway.
Yeah I can respect that, I have one bank where the only account I have there is a credit card now that I paid off my loan. Their app is terrible and half the time it doesn’t load on my home network because of all my ad and tracking blocking on my DNS server. I just want to check balances, you assholes. So yeah that one is strictly browser only for me.
hellnuh, that your own website you keep posting?
Yeah, address looks sus af
Check Op’s username and the community it mods, and you’ll know what I mean.
I seem to be missing some context. Now, after seeing another post with a link there, I know this probably is not some one-time scam site. But then, if you had the info that domain matches the name of their community, WDYM?
You asking me or OP, wdym?
hellnuh, that your own website you keep posting?
Check Op’s username and the community it mods, and you’ll know what I mean.
I checked and I don’t get it
Your point is only asking if that’s their page?
Your point is only asking if that’s their page?
Yes, that was my question to him. I was hoping he reacted.
And you did reacte to me saying
Yeah, address looks sus af.
So I thought you got it. So I said: check the username …
So yes it IS their own webpage. According to rule 1 , posts need to be news articles, not this. He’s been posting daily. Self promotion is also a no go.
So I’m not sure you are missing something.
It is, but it doesn’t seem nefarious. Just somebody trying to carve out a little corner to help individuals find some tools to get away from Google and such. Maybe they make money via some affiliate links, but is that a bad thing?
Brought to you by proton
Analysis indicates the data was aggregated over time from multiple sources, including malware infections, phishing campaigns, and older third-party breaches. There is no indication of a direct compromise of Google’s internal infrastructure.
Everything is vulnerable to that, including proton.
Start setting up passkeys where available, that is the safest and easiest way, I store mine on my selfhosted vaultwarden but you could use other ways. As long as the devices you use are secure, no passwd leaks, spoofing attempts or phishing can threaten you.
