Do your own research | Was there a "Huge" Data breach?

[Ultegra134]

Just two days ago it was announced that a new massive leak has exposed over 16 Billion passwords and login credentials, including Apple, Google, Facebook and others. This "new" massive data breach has caused havoc, sparking wide media coverage from known websites such as Forbes, Dailymail, Time Magazine, filled with warnings and doom-wongering. At first, I was completely puzzled, another data breach? It's certainly concerning to have your login credentials leaked to the darknet and certainly a victim to automated attacks. I decided to do some digging on whether this was a new leak or the media was overexaggerating.

I stumbled upon the following article on Bleepingcomputer, which claims that this isn't a new data breach, or a data breach at all. Quoting from the article itself

it appears to just be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.

To be clear, this is not a new data breach, or a breach at all, and the websites involved were not recently compromised to steal these credentials.

Instead, these stolen credentials were likely circulating for some time, if not for years. It was then collected by a cybersecurity firm, researchers, or threat actors and repackaged into a database that was exposed on the Internet.

Thus, from my understanding, it's a compilation of stolen credentials that were collected from a cybersecurity firm and then re-exposed to the internet. The datasets are to be stored in a format usually associated with the malware "infostealer".

An infostealer is malware that attempts to steal credentials, cryptocurrency wallets, and other data from an infected device. Over the years, infostealers have become a massive problem, leading to breaches worldwide.

Any thoughts about this? Do you feel safe on the internet and what precautions do you take to ensure your safety of your personal details, such as your login credentials? Have you ever fallen a victim through any of these leaks (stolen wallet, account etc)? Is there a way to be truly safe out there?

Always search the source and doubt what you're reading, sometimes, even the most "reputable" websites will post overexaggerated articles or simply, something that isn't entirely true. Always do your own research.

Source: Bleepingcomputer.com

[DubemIfedigbo001]

This increases the importance of not storing your seed phrases, private keys and important financial concerns online, a single data breach can compromise the security of those information, more especially if your online drive is compromised.

I do not feel any pressure about the leaks, I have 2FA on all my accounts, so I believe even if they have the details they cannot access my accounts without my consent and anytime I notice funny prompts or codes coming into my primary device, I would just go ahead and change my password and it is sealed.

As long as having my credentials does not bypass my 2FA setup in any way, it is of no use to anyone who has it

[Charles-Tim]

Similar discussion is already existing but on off-topic board.

The 16-billion-record data breach that no one’s ever heard of

[Ultegra134]

Similar discussion is already existing but on off-topic board.

The 16-billion-record data breach that no one’s ever heard of

I hadn't noticed, I don't pay attention to the off-topic board, I have it on ignore to be honest. On top of that, the topic you mentioned doesn't include the fact that this isn't actually what the media portray it as, it's not a new data breach and most of the articles have misleading titles, some actually indirectly mention that it's not actually a new data breach. The topic of discussion is the same, but I'm also pointing out how the media causes chaos with misleading articles, even well-known sites.

[Die_empty]

Any thoughts about this? Do you feel safe on the internet and what precautions do you take to ensure your safety of your personal details, such as your login credentials? Have you ever fallen a victim through any of these leaks (stolen wallet, account etc)? Is there a way to be truly safe out there?

This thread shows the importance of doing research before believing any information that you come across. Confirming from more than one reliable source is important to get valid information.

Since someone uses centralized platforms where they demand personal information, it might be difficult to avoid these leaks. Some platforms will have to verify your information before you are granted access making it uneasy to hide your personal details.

I try as much as possible to avoid platforms that ask for sensitive information. Details like phone numbers, house addresses, pictures, work details, and family members are a no-go area for me. I also avoid saving sensitive information on the internet.

I have never been a victim of leaks that caused any damage. The only way to truly be safe from leaks is to stop using a centralized platform that asks for personal information..

[DYING_S0UL]

Any thoughts about this? Do you feel safe on the internet and what precautions do you take to ensure your safety of your personal details, such as your login credentials? Have you ever fallen a victim through any of these leaks (stolen wallet, account etc)? Is there a way to be truly safe out there?

Already did everything in my power. Right after seeing that news, I changed every passwords, every 2FA, every active session. Not only that I even asked my friend and families to change their credentials as well.

Similar discussion is already existing but on off-topic board.
The 16-billion-record data breach that no one’s ever heard of

I guess someone must have move that topic, either OP or Mod. If memory serves me right, I remember seeing it on the Beginners board.

[OcTradism]

Data breaches are everywhere and it possible happens with all companies that are either small or big, with considerable investment in their system and data base security. You can not trust any company with your data especially sensitive personal information that basically needs to be secured as best as possible.

It is only a newest data breach that plays its role as another alarm to many people in security and privacy practice.
Security and Privacy Encylopedia.