• Breach date: 16 October 2024
  • Date added to HIBP: 7 November 2024
  • Compromised accounts: 420,961
  • Compromised data: Email addresses, Usernames
  • sic_semper_tyrannis@lemmy.today
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 days ago

    People commonly reuse the same usernames and passwords with an associated email. All that must be done is check breach data for matching email and username and then try the password from the list. You’ll likely find more than a few will be a match

    • Echo Dot@feddit.uk
      link
      fedilink
      English
      arrow-up
      0
      ·
      8 days ago

      You are correct that people commonly reuse passwords. People are stupid after all. But in this case passwords weren’t taken because they were encrypted, so all they’ve got is user names and email addresses.

      From the sounds of it, the database was actually pretty secure the problem was the interface between the database and the website wasn’t. Good news is because the database was secure not a lot of sensitive information has been leaked.