Forbes: 16 Billion Apple, Facebook, Google And Other Passwords Leaked
Posted by GuiltyYams@reddit | PrepperIntel | View on Reddit | 143 comments
Ill-Humor2718@reddit
Is it possible to get the details?
deusmachinato@reddit
My biggest red flag is thinking out of the 16 billion accounts they won’t even see mine
JASHIKO_@reddit
They'll run AI through the lists and compare it with other lists over time to match required details and make the data more useful. They'll target high net worth individuals first then work their way down.
Constant-Kick6183@reddit
Oh good that places me dead last!
LibTearCollecting@reddit
Yup being broke is the best way to avoid thieves.
eli636@reddit
Low key life hack!
goblinsnguitars@reddit
Depends on the thieves.
Net Thieves yes.
Junkie thieves shiv’ing you for shoes then yes.
Long_Walks_On_Beach5@reddit
How can we find out if ours has been leaked? Has 'have I been pwned' been updated or is there any other site to check on?
elephantdiaries@reddit
Goddammit I was just thinking this
bananataskforce@reddit
The average person has what - 50 passwords? Most people have multiple passwords that have been leaked from low-security websites, which is why it's important to change your passwords every so often or use unique passwords for each website.
merryolsoul@reddit
I would've thought this 6-7 years ago but with AI able to scrape information and find patterns in huge datasets effortlessly there's no such thing as "strength in numbers" leaks any more.
ShartlesAndJames@reddit
they probably have mine, but I'm too damn boring and poor to bother with
c0rd_sucks@reddit
I mean there’s so many, there’s no way they got MINE
HotPotParrot@reddit
Considering how many Google accounts I've forgotten, let alone opened, I like my chances.
Jobbo0507@reddit
My biggest red flag is thinking that if they were going to use mine, they would’ve already.
FallFromTheAshes@reddit
Plenty of factors can include to this, but automated tools make it easy to do password spraying.
jujutsu-die-sen@reddit
This article isn't really helpful. How do you know if you've been impacted or not? Is everyone in the world supposed to stop and change all of their passwords right now?
wuphonsreach@reddit
Some/many of the modern password managers like 1Password have built-in tooling to tell you if any of your passwords have appeared in a breach.
And if you put MFA on as many accounts as possible, the attacker can't get in just from a leaked password.
jujutsu-die-sen@reddit
The article seems to imply this is an unreported/undisclosed breach. Would 1Password be able to warn you about a breach that hasn't been made public yet?
aesthesia1@reddit
If it’s the report that I’m thinking of, it’s probably not a breach of the companies, but of users directly. In which case, companies wouldn’t be disclosing breaches.
wuphonsreach@reddit
Good point, probably not. But a lot of these passwords are probably already exposed in haveibeenpwned lists.
MrPatch@reddit
The article is bullshit, click bait headline and they skim over that this definitely isn't a breach of Google or Apple at all. Reads like the Daily Mail.
Long_Walks_On_Beach5@reddit
So can you explain what it is then
MrPatch@reddit
Someone has compiled a load of already released data into a series of databases.
It's not a hack of Google/Apple/FB user database, it's probably the results of other breaches and then data stuffed or compiled for later use.
It's not even a single 16 billion data set. The article mentions that they found a series of data sources, the largest was 3.5 billion, containing 'exposed' passwords that eventually totalled 16bil. I doubt these data sets were deduplicated either so the large number is dubious at best.
Extremely weak and sensationalist reporting.
aesthesia1@reddit
I read something about infostealer malware being heavily responsible in an article regarding this breach. This could be responsible for the new “pwned” account info. There wasn’t a detailed analysis, just “likely culprit” language.
_Melba_Toast_@reddit
There is data inside this breach never seen before and it covers a large portion of the 16 billion and they don't know where it came from. From what I've read.
I agree it's sensationalism but there is new stuff in this and I can't find concrete info about it and idk if that's cause it's real or cause it's fake. Waiting for pwned to list it so I can check tbh
JoplinSC742@reddit
A lot of people reuse the password without a lot of variation. In theory, this leak could be used to create a password aggregator that can then be used for more damaging cyber attacks. Odds are your Facebook login and your bank login aren't too dissimilar. You can change your password if you like, but unless you actually use a password manager and regularly update all of your passwords to randomized secure passwords with everything synced to 2fa, there's very little you can meaningfully do about a leak like this.
PorcupinePao@reddit
A person close to me received an email yesterday from Google, saying that an app linked to their Google account was included in the breach. It was their Netflix, a person was logging in from freaking Brazil.
HappilyDyke@reddit
Yes. You should always change your passwords regularly.
jujutsu-die-sen@reddit
I do but I have over 300 so I never change them all at once. If I need to spend a day going through all of my accounts I'd like to know.
4r4nd0mninj4@reddit
I usually do this (280 passwords) over the Christmas holidays while I'm watching a movie I've seen dozens of times, with a glass of spiced rum next to the fire.
duravittivarud@reddit
what movie?!
4r4nd0mninj4@reddit
Die Hard~
2024account@reddit
Hell yeah
duravittivarud@reddit
thanks!
General_Raisin2118@reddit
Yeah this article is the only article that talks about this.
haveibeenpwned.com is a source to see how many times you've been in a data leak.
ALLCAPITAL@reddit
Yes
Princesscurve871@reddit
If they find any money in my accounts can they let me know?
vintagerust@reddit
They aren't clear how they're gathered, was it sites that look close enough to legitimate sites for some people to enter credentials on, a big password manager, malware, keylogger? It seems like all they have to report is credentials are for sale on the Internet? Is this supposed to be news?
MrPatch@reddit
It's collections of previous leaks, might not even be malicious, just a click bait headline.
I find this thread surprising, I just assumed a prepper sub wouldn't be so histrionic without a bit of actual understanding to back it up.
Does no one read any of these articles any more?
CaliforniaBruja@reddit
To be fair, this article was a word salad
vintagerust@reddit
Pretty much
Jazzspasm@reddit
This article is the equivalent of a cooking recipe
All you need to know is change your passwords
CaliforniaBruja@reddit
Literally had to give up after a few paragraphs cus it was giving me a headache
outm@reddit
The headline is scaremongering, as usual
This is just a remix of already leaked passwords from previous databases (some of them from +1 year old)
And they didn’t even get hacked from Google, Apple and so (obviously, given they don’t hold them in plain text just to start) they are just “guessed” passwords from users that got their passwords leaked elsewhere, and “hackers” automatically tried to login to those services using the same.
So, say Joe had “123” as password in HomeDepot, and HomeDepot leaked their DB, then “hackers” tried to reuse this with Gmail and other services to see if those recognise it as the valid password, in case Joe uses the same everywhere.
If you don’t use the same password everywhere and/or if you have 2FA, you’re very safe (at least for those services).
4r4nd0mninj4@reddit
Thanks for the summary. I recommend Bitwarden+Yubikey set-up for password management and 2FA.
Isami@reddit
You don't even really need a yubikey... bitwarden and many others do provide TOTP.
4r4nd0mninj4@reddit
The Yubikey is for securing Bitwarden...
ReasonablePossum_@reddit
They really pushing on "passphrases", which is basically a rebranded biometric login.
Thanks but nope.
itstongy@reddit
It’s passkeys and it doesn’t require biometrics at all, eg when you use it on a desktop - the biometrics are never pushed to the server
The whole idea of passkeys is we trust the device not the password + mfa. That way it’s near impossible to social engineer or phish
The biometrics is just how your device is set up to authenticate it's you using the device before logging in, again local
ReasonablePossum_@reddit
I do not trust my device.
itstongy@reddit
I mean that’s why they have you authenticate before sending the key to the server with biometrics, pin, password or hardware key. All about reducing the attack surface
ReasonablePossum_@reddit
Yeah but biometrics are stored in the phone and can be gathered, plus if I can be forced to use them be me conscious or not.
Your security comes down to how secure or compromised is your device.
outm@reddit
I don’t understand your “nope” to passkeys, really.
You can use them with physical hardware keys, with passwords, with PINs, they are not linked to a specific device or method.
They are just a more secure approach than the typical “TOTP with seeds saved in your device”.
In fact, it’s more secure, in the sense that passkeys can’t usually be “transferred” (TOTP can) and don’t require the user to input manual codes (which can be used by a bad actor remotely, like screenshotting your screen codes, or whatever). Also, passkeys automatically get the correct device you’re logging in to, because they are local based (your passkey can only be verified by devices on your local area, like your laptop), different to TOTP codes, that can be used even 10.000km away from you.
For example, if I want to log in to your Gmail with a TOTP, I only need your current 30s TOTP code and done. With a passkey, I need to hold physically your “signing” key (phone, yubikey, whatever) or nothing.
ReasonablePossum_@reddit
Oh I have no issues with the ones offering hardware or other non-biometric inputs. I'm against the ones stored on my computer/cellphone, and cloud (google, ios, msft).
I do not trust cellphone security, nor software companies with keys that can be accessed via judicial order, a zeroday, or simple hacking. Regardless of encryption.
And i do not trust my physical safety being guaranteed as to not have my own biometrics used against me at some point, with my own device.
You can easily have a TSA agent physically forcing you to access with biometrics for example. Something that is quite common.
outm@reddit
But… your passkey can’t be “accessed” nor used without you “unlocking it”
In fact, it would theoretically be far easier to use your TOTP against your will, than a passkey.
I think, in short, that you don’t know how passkeys work and are just hating the concept you think they are, wrongly
ReasonablePossum_@reddit
Again, take a big guy, grabbing your head/hands, opening your device with them, accessing everything in your phone.
As for the "can't be accessed nor used without me unlocking it" I would take that with a very big grain of salt, since not a single big company has something like that working without a zeroday or backdoor that the ones above it can access if required. Telegram and Huawei suffered for rejecting to implement these in their platforms.
Theoretically all of it is "secure" and "private". Practically tho, it's only to the point where someone really wants to access it.
outm@reddit
Then, in that case, what's your alternative? Not using anything tech?
My point is that there isn't any better alternative to secure your accounts, not TOTP or other things.
If you get as paranoid as that, then the best is to trash your tech and work analogically lol
darkdaysolstice@reddit
The prompt is "Kipling".
Boel_Jarkley@reddit
Bro, just give us a scan of your face and your fingerprints, bro. We won't sell it or let it get stolen, bro, we promise.
Additional_Bowl_7695@reddit
then i guess you're not an iPhone user.
I'm personally ok with FaceID
outm@reddit
You can still use a device-based method to “unlock” your passkey, like a PIN, pattern or password.
Passkeys are just like an evolution on TOTP, simplifying things.
But it’s not like passkeys force you to use biometrics, it depends how you (or the company) implements it.
For example, you can have passkeys that don’t unlock with biometrics in iPhones
BlasterPhase@reddit
that's not how you use that word
anti-Notzi_4Life@reddit
I tried to post this question orbital in conspiracy, but took new.
Anyhow, anyone else think this recent hack exposing so many millions of user accounts for 3 of the most used services in the USA was done by the US government itself, or they hired foreign hacker groups to do it for them, to further go after political dissidents or even those that just openly hate Trump and MAGA?
MrPatch@reddit
You should try reading the article
anti-Notzi_4Life@reddit
I did before I said anything... what's your issue with my conspiracy theory?
Just bc the fbi is investigating doesn't mean the nsa didn't do it.
MrPatch@reddit
It isn't a hack for a start also why are the FBI hosting data sets in publicly accessible storage?
Skinny-on-the-Inside@reddit
People should just reset their passwords every three months because you are not even hearing about all the breaches necessarily. And freeze your credit, it’s free.
Raddish3030@reddit
Oh no. You better get that Central Bank Digital Currency on the Blockchain and lock it to your biometric authenticators. Or else!
GuiltyYams@reddit (OP)
Yes exactly.
Delicious_Spot_3778@reddit
Just change your passwords folks
woodbanger04@reddit
Nooooo. Then I will have to write a new list called P@w0rds 2! 🤣
worldsoap@reddit
If you could not let other people know about the trick where numbers and special characters are used instead of letters, that would be great. OK, thanks, bye!
enonmouse@reddit
Howd you crack my very own substitution system! Blast!
NoEvidence136@reddit
Let's see, next in line is... Password!32 maybe?
or 33...
JoeGibbon@reddit
And use multi-factor authentication.
Relevant-Sea4689@reddit
Lol, good thing I don't use any of that shit. I switched when the USA turned into a fascist theocracy. They can't be trusted at all.
MakeTheRightChoice_@reddit
What do you use instead?
GuiltyYams@reddit (OP)
Try Proton Mail.
RanchWaterHose@reddit
Proton openly supports MAGA
Brsek@reddit
Who cares, their products are great and right in princible
RanchWaterHose@reddit
Yes, princibles are impotent
TheWhiteRabbitY2K@reddit
Eh, that's a stretch. Their CEO posted on X praising a Trump administration antitrust nominee and saying something like, “10 years ago, Republicans were the party of big business … today the tables have completely turned"; Proton deleted the post, clarified it wasn't a political statement and didn't reflect their mission of neutrality.
Oddveig37@reddit
I am not using the Antichrist's chosen social media platform.
QHCprints@reddit
RFC1149
Cro_Nick_Le_Tosh_Ich@reddit
How much you want to bet they suggest a platform from China instead 🤣🤣🤣
pr2thej@reddit
They didn't 🤣🤣🤣
averagelatinxenjoyer@reddit
So 30 some years ago?
AxCrypt@reddit
https://www.reddit.com/r/Axcrypt/comments/1lfybqy/how_axcrypt_helps_in_the_wake_of_the_16_billion/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
Overall_Stranger6568@reddit
So like...all of them? That's like double the world population, right?
Cool-Chemical-5629@reddit
Thief: Dude, this is not okay. How are you so broke all the time that when I want to steal money from you, I first need to donate my own money to you and then steal it back?
Send-hand-pics-pls@reddit
enable 2FA
whoibehmmm@reddit
I'm thrilled that I do not use any of those things.
Cro_Nick_Le_Tosh_Ich@reddit
Proud you for using probably something just as bad if not worst
whoibehmmm@reddit
Sure dude.
Cro_Nick_Le_Tosh_Ich@reddit
What, you don't want to list it?
whoibehmmm@reddit
List what, weirdo? You still use Facebook when most people ditched it 10 years ago? You like being locked to Apple's little ecosystem? You would think people would be smarter in a prepper sub.
Cro_Nick_Le_Tosh_Ich@reddit
Never said I was
Not an apple fan either champ, 0 for 2
Clearly you're one of those people since you got lost from a simple question. List what platform you use instead?
whoibehmmm@reddit
🤡🤡🤡
Cro_Nick_Le_Tosh_Ich@reddit
Still don't see a platform you use. Come on, you should be proud of your better platform yet you can't list it.
My guess is it's that cheap cheap copycat spyware crap
whoibehmmm@reddit
Keep waiting, weirdo!
Cro_Nick_Le_Tosh_Ich@reddit
Silence means I'm right, you use that cheap sheet that freely hands over your data 🤣🤣🤣
whoibehmmm@reddit
You're either braindead or you're the CEO of Google or Facebook and are absolutely crushed that people don't use your trash anymore. Sleep tight, loser. I hope you dream of the myriad of programs people on the internet use.
scheurmercer@reddit
Dumb boomer swamp people.
Cro_Nick_Le_Tosh_Ich@reddit
Smells like 🪞
scheurmercer@reddit
Effing hate red beards and necks.
Cro_Nick_Le_Tosh_Ich@reddit
Sounds like a personal problem.
When is the last time you touched grass?
scheurmercer@reddit
Haha sorry i like gingers. Proud boys … yeah nah…
Cro_Nick_Le_Tosh_Ich@reddit
hates red beards rednecks
States love for gingers after being asked about touching grass
Uses yeah nah
Pretty sure the cast of the jersey shore each has a higher IQ than you
ChopGoesTheWeasel@reddit
Congrats on not using online passwords!
(while posting from a Reddit account 🤔)
whoibehmmm@reddit
Who knew this sub would be so salty about anyone who doesn't use these apps? Weird.
SandIntelligent247@reddit
Is this sarcasm? If not, how
whoibehmmm@reddit
Why would this be sarcasm? I don't like Apple. Facebook has been dogshit for over a decade and I don't need to use Google when there are options like Proton.
Able_Pipe_364@reddit
it has nothing to do with those services.....its malware.
Styl3Music@reddit
Does anyone know if there's a database or list I can search to see what I need to change? I got lucky back when the billions of social security #s were harvested, but I haven't found a list to dig through for this one.
081514091016@reddit
https://haveibeenpwned.com/
Blubbpaule@reddit
I am in over 20 breaches.
Haven't been hacked once since I have this Mail.
Also why am I in a "french citizen" data breach? Like what the frock?
oltop@reddit
8 billion people on earth, they scalping bot accounts now too?
Great-Yoghurt-6359@reddit
You might want to rethink that comment. Just a heads up.
oltop@reddit
Ive got multiples myself, good looking out though
Great-Yoghurt-6359@reddit
Bet
ask_anybody@reddit
I think they're saying passwords in general, not unique individuals. Speaking for myself I probably have over 100 passwords saved with Google password manager, and probably more. That's not even counting msft authenticator passwords
Dense-Ad-5967@reddit
Well I have 2 emails, so some people might be fancy that way.
PurpleBoth3900@reddit
Hi, just wanted to ask a genuine question, I'm not by any means an expert on technology or these kinds of things, do I now have to change all my passwords? I've read online people are saying these are similar click bait articles, do I need to be preoccupied and change my passwords, thanks for the help!
Fuzzy_Education_6700@reddit
To give a 2FA…
IamBob0226@reddit
Oh no... I'll have to change my password from "password" to 12345
dewdropcat@reddit
Why do we even bother having passwords at this rate?
Hailsabrina@reddit
I don't have any money to steal anyways 😅🤣
GuiltyYams@reddit (OP)
Every cloud has a silver lining eh?
thatgenxguy78666@reddit
this shit is getting fucking ridiculous.
ApprehensiveStand456@reddit
I wonder if this is on purpose to force people into passkeys
Ralfsalzano@reddit
That’s more than people on earth! Haha
B3rse@reddit
2FA for the win
scott_peregrin@reddit
That has to be like… every password ever, right?
Delicious_Spot_3778@reddit
lol google
Horror-Potential7773@reddit
Crypto wallets as well. Yum
lareefgeek@reddit
Cool, I might finally remember what mine is
bruceleet7865@reddit
Non paywall link?
GuiltyYams@reddit (OP)
Which I now see is non-visible. The archive link is in my comment history, apologies. I have been able to post plenty of links here in the past so I was unaware my archive link would be disallowed.
GuiltyYams@reddit (OP)
I left the archive link in the comments section already.
Fast-Year8048@reddit
haveibeenpwned dot com to check. (not sure if we can post links here)
Fast-Year8048@reddit
welp, time to update all passwords, again.
GuiltyYams@reddit (OP)
https://web.archive.org/web/20250619172129/https://www.forbes.com/sites/daveywinder/2025/06/19/16-billion-apple-facebook-google-passwords-leaked---change-yours-now/