this post was submitted on 19 Jun 2025
148 points (87.4% liked)

Technology

72224 readers
3454 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
148
16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now (www.forbes.com)
submitted 1 week ago by shish_mish@lemmy.world to c/technology@lemmy.world
31 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] drspod@lemmy.ml 23 points 1 week ago (1 children)

This article is about credentials that are stolen directly from users' devices that are compromised with malware. So they will be that user's passwords for whatever services they were using while infected with the malware. This is why the dumps contain passwords for just about every online service that exists.

This isn't an actual database breach of the major providers.

[–] A_norny_mousse@feddit.org 6 points 1 week ago (1 children)

Thanks for clarifying. Still, does this affect every "device" user out there? There must be some sort of explanation here, what's the attack vector etc. I couldn't find it even on that Lithuanian guy's website.

[–] drspod@lemmy.ml 6 points 1 week ago (1 children)

This forbes blog is about this article:

https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/

The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances.

So there isn't really an explanation other than "somebody collected these somehow and left the data unsecured."

The attack vector for infostealer malware is usually social engineering, getting unwary users to download infected trojanized software via phishing and malvertising etc.

If you follow security news, you will see articles about infostealer malware campaigns all the time.

https://www.theregister.com/2025/06/18/minecraft_mod_malware/

https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html

https://thehackernews.com/2025/06/rust-based-myth-stealer-malware-spread.html

https://thehackernews.com/2025/05/eddiestealer-malware-uses-clickfix.html

[–] Geodad@lemmy.world 4 points 1 week ago

Oh, so I'm probably safe.

I don't do mainstream social media, and I don't answer phone calls, texts, or emails from unknown sources.

Mama told me not to talk to strangers, and I took that into the digital age.