Hacker News new | past | comments | ask | show | jobs | submit login

Tim is right. The group has actually acquired ~1.2 billion passwords, which is a obviously a widespread beach.

Does anyone know a list of the sites they got this data from?

There's been stories for a while of massive malware infections sniffing usernames and passwords of infected users. Simply because there's little to give away that such an activity is going on (ie, if you were spamming or mining bitcoin there would be a real-world impact shown immediately) it's extremely hard to confirm or deny if this is happening and at what scale. In my mind it doesn't seem unlikely that would be happening though. Combined with large websites like LinkedIn being compromised, you're looking at a very, very big problem.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact