this post was submitted on 09 Nov 2025
333 points (96.9% liked)

Technology

76672 readers
2278 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
333
God ****** dammit, here we go again (lemmy.world)
submitted 17 hours ago by Kyrgizion@lemmy.world to c/technology@lemmy.world
99 comments fedilink hide all child comments
 

Use the "passwords" feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They'll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] neidu3@sh.itjust.works 2 points 12 hours ago (1 children)

Is there any info regarding how old this data is?

[–] renrenPDX@lemmy.dbzer0.com 3 points 7 hours ago

The breach occurred in April 2025.

During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords. Working to turn breached data into awareness, Synthient partnered with HIBP to help victims of cybercrime understand their exposure.

This was added to Have I Been Pwned on Nov 6

[–] tym@lemmy.world 2 points 1 hour ago* (last edited 1 hour ago)

As someone who consults in the IT Security space, It's bad out there. Contractors and BYOD companies are downright sheepish in asking their outsourced employees to do anything security-related to their devices. The biggest attack vector is allowed unfettered remote access (and therefore the whole company and any bad actors are also granted unfettered remote access)

I still can't get over how quickly companies-at-large have abandoned VPN Servers (removing network trust from the list of options as well)

I'm down to managed browsers via IdP, and I just can't wait for the objections to that as well. People out here offering their faces to leopards. Certificate-based MFA on all the things IMO - passwords shouldnt matter (but six digit MFA codes aren't immune to fake landing pages and siphoned MFA tokens that don't expire)

[–] SalaciousBCrumb@lemy.lol 1 points 4 hours ago

Irony

load more comments
view more: ‹ prev next ›