16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now

shish_mish@lemmy.world · 19 hours ago

16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now

A_norny_mousse@feddit.org · 17 hours ago

Thanks for clarifying. Still, does this affect every “device” user out there? There must be some sort of explanation here, what’s the attack vector etc. I couldn’t find it even on that Lithuanian guy’s website.

drspod@lemmy.ml · 16 hours ago

This forbes blog is about this article:

https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/

The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances.

So there isn’t really an explanation other than “somebody collected these somehow and left the data unsecured.”

The attack vector for infostealer malware is usually social engineering, getting unwary users to download infected trojanized software via phishing and malvertising etc.

If you follow security news, you will see articles about infostealer malware campaigns all the time.

https://www.theregister.com/2025/06/18/minecraft_mod_malware/

https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html

https://thehackernews.com/2025/06/rust-based-myth-stealer-malware-spread.html

https://thehackernews.com/2025/05/eddiestealer-malware-uses-clickfix.html

Geodad@lemmy.world · 14 hours ago

Oh, so I’m probably safe.

I don’t do mainstream social media, and I don’t answer phone calls, texts, or emails from unknown sources.

Mama told me not to talk to strangers, and I took that into the digital age.