Massive password leaks

Bitblazer
Enthusiast
Posts: 736
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany

Massive password leaks

Post by Bitblazer »

Here is the German site with the article: 2.2 Billion Accounts affected

The article is in German, I will try to find an English translation.
Basically it's an article reporting that 2.2 billion accounts' information got leaked. You can check if you are affected HERE (English preselected)

PPS: OK, Google website translator is discontinued. Anybody with a decent German->English service we can use for the article? The article affects 2.2 billion users, not only 89 million Germans ;)
Please reply with a good service which translates the original article :) Thanks
Little John
Addict
Posts: 4527
Joined: Thu Jun 07, 2007 3:25 pm
Location: Berlin, Germany

Re: Massive password leaks

Post by Little John »

Thanks for the information and the links!
Dude
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Massive password leaks

Post by Dude »

Hmm, I get one match with my Gmail address, but none when I check with https://haveibeenpwned.com.
Bitblazer
Enthusiast
Posts: 736
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany

Re: Massive password leaks

Post by Bitblazer »

Dude wrote: Hmm, I get one match with my Gmail address, but none when I check with https://haveibeenpwned.com.
I would change the Gmail password, change it on any other services where you used it and verify any service that depends on your Gmail account's security for the previous 4 and the coming 4 weeks. Just in case :)

None of my accounts was affected but I will change all passwords periodically anyhow, can't hurt (unless I forget the new passwords ;)
HanPBF
Enthusiast
Posts: 564
Joined: Fri Feb 19, 2010 3:42 am

Re: Massive password leaks

Post by HanPBF »

Unfortunately, 2-factor-authentication is the only thing that protects (exp. SaaSPass). :!:

It's annoying but necessary... :cry:
Dude
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Massive password leaks

Post by Dude »

HanPBF wrote: 2-factor-authentication is the only thing that protects
Yes, I have 2FA enabled for Gmail anyway, so anyone trying to log in from an unknown device will trigger both a text message to me, and an email alert to my wife's email. Nothing so far. And I don't use Gmail or Facebook to log in to anything - I always create a dedicated account instead. Offers of "Log in with Google" are nothing but a major security risk - never do it!
Olliv
Enthusiast
Posts: 542
Joined: Tue Sep 22, 2009 10:41 pm

Re: Massive password leaks

Post by Olliv »

Here, the French version:

French version
Denis
Enthusiast
Posts: 704
Joined: Fri Apr 25, 2003 5:10 pm
Location: Doubs - France

Re: Massive password leaks

Post by Denis »

Thanks Olliv
See you
Denis
NicTheQuick
Addict
Posts: 1227
Joined: Sun Jun 22, 2003 7:43 pm
Location: Germany, Saarbrücken

Re: Massive password leaks

Post by NicTheQuick »

It's better to choose a strong password instead of changing it every few months, because people tend to choose weak passwords if they have to remember them again and again. Of course this is not true when using a password manager but that should be clear.
The English grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in an altered way.
Derren
Enthusiast
Posts: 313
Joined: Sat Jul 23, 2011 1:13 am
Location: Germany

Re: Massive password leaks

Post by Derren »

Those are leaks, though. A strong password that you never change doesn't help you when the likes of Dropbox (2012, it's part of that list, not sure where the more recent leaks come from) store your password in plain text and get hacked or "release" the data by accident.
tj1010
Enthusiast
Posts: 624
Joined: Mon Feb 25, 2013 5:51 pm
Location: US or Estonia

Re: Massive password leaks

Post by tj1010 »

This has nothing to do with password strength. The attackers aren't brute forcing hashes; they are just publishing dumps from poorly managed systems with no hashes.

I've had mine dumped too, but it was all crappy sites I didn't trust with identities or CC. One day they will get my identity no matter what password I use or second-factor because I have no say in system management for services I use (like using Intuit and Uber). Freezing your credit is an annoying process in all countries; changing CC is quick and easy.

Also 2FA and U2F don't really help if they have access above CGI script inputs. These are mostly Apache module vulns and leaked SSH keys and credentials through phishing and XSS and SQLi attacks.

2FA and U2F and knowing how to freeze credit and change cards is the best defense. Don't re-use passwords and make them with a PRNG and character table. Never use a password manager that has cloud or sync features.
The truth hurts.
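
As an added illustration of the advice in the post above to avoid re-use and build passwords from a random generator and a character table (this is not code from any poster in the thread): a Python sketch that draws from the operating system's CSPRNG through `secrets` and uses rejection sampling so every table entry is equally likely. The character table, the function names and the `rand_byte` test hook are assumptions of this example.

```python
import math
import secrets
import string

# Character table: an assumption for this example; trim it to each site's rules.
CHAR_TABLE = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def generate_password(length=20, table=CHAR_TABLE, rand_byte=None):
    """Draw `length` characters uniformly from `table`.

    Random bytes come from the OS CSPRNG (secrets), not a seeded generator
    such as random.random(). A byte is accepted only when it lies below the
    largest multiple of len(table) that fits in 256, so `byte % len(table)`
    is not biased towards the first entries of the table.
    """
    if len(set(table)) != len(table):
        raise ValueError("character table contains duplicates")
    if not 2 <= len(table) <= 256:
        raise ValueError("table must hold 2..256 characters")
    # rand_byte is a hypothetical hook so the sampling can be tested.
    rand_byte = rand_byte or (lambda: secrets.randbits(8))
    limit = 256 - (256 % len(table))
    out = []
    while len(out) < length:
        b = rand_byte()
        if b < limit:  # reject bytes from the incomplete final block
            out.append(table[b % len(table)])
    return "".join(out)


def entropy_bits(length, table=CHAR_TABLE):
    """Entropy of a uniformly drawn password: length * log2(table size)."""
    return length * math.log2(len(table))


def passwords_for(sites, length=20):
    """One independent password per site, so a dump from one service
    cannot be replayed against another."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed site names, for illustration only.
    for site, pw in passwords_for(["forum.example", "mail.example"]).items():
        print(site, pw)
    print(round(entropy_bits(20), 1), "bits per 20-character password")
```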