Your email and password are the keys to your part of the internet world, so be careful who you share them with.
Jeremiah Fowler, a cybersecurity researcher, found an unsecured online database containing over 184 million login credentials. These include email addresses, usernames, and passwords.
The exposed data covers platforms such as Google, Apple, Microsoft, Facebook, Instagram, PayPal, and Netflix, as well as bank, healthcare, and government accounts spanning 29 countries.
The leak was traced to infostealer malware, malicious software designed to harvest credentials stored in web browsers or apps, which attackers later compiled into a large dataset.
Some people think these alerts seem pointless nowadays. Every time I check, the "leak" is from regurgitated password lists from 10-15 years ago that are compiled into a "new" list.
This isn't from a breach; it's aggregated data from infostealer malware. If you have email-based 2FA (which many platforms have by default and don't allow anything else), your accounts can be compromised even with 2FA. Even a time-based one-time password (TOTP) could theoretically be compromised if someone on the other end was able to grab your token.
Passwords have been dead for years now. Everything should have multi-factor authentication (MFA) or passkeys. Authenticators are a great extra security measure.
So what can you do? Check whether your email and password have been compromised on this website, and this website only: https://haveibeenpwned.com/
This website is run by a white hat hacker named Troy Hunt. It lets you cross-reference your password against their database. There is a caveat: the website saves your information with Google tracking scripts and is hosted on Cloudflare. In other words, check only if you're comfortable with Google storing your data. Rather than providing your password, you can provide only your email and see if it has been compromised. If it hasn't, great; if it has, it is probably best to change your password.