this post was submitted on 23 Aug 2023
551 points (99.1% liked)

Technology

62012 readers
3883 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
551
Scraped data of 2.6 million Duolingo users released on hacking forum (www.bleepingcomputer.com)
submitted 1 year ago by [email protected] to c/[email protected]
87 comments fedilink hide all child comments
 

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 107 points 1 year ago (36 children)

Oh no. Now they know the aliased email address, unique password, and that I didn't try very hard to learn spanish.

(please note: this is a joke, I don't see anything about them getting passwords)

[–] [email protected] 33 points 1 year ago (34 children)

Something to note here - with AI, if you’re using any sort of heuristic for your password, it’s pretty simple to work out a pretty good set of possibilities which makes brute force even easier and puts you at risk across the board.

Always come up with random passwords that are as random as possible. If there’s a path you took to get to a password, in theory it can be worked backward.

For example I know some people who only change a single letter when changing their passwords which is ultimately trivial to guess if the old password was compromised (hence the need to change the password or the need to proactively work against this possibility)

[–] [email protected] 44 points 1 year ago (13 children)

I wish more websites allowed random words as passwords instead of forcing numbers and special characters (but not THAT special character, you have to use one of the ones on this list).

People change their passwords by one letter or digit because they're tied to these restrictive formats. If 5-6 random words was the norm, people would update more than just one character when needing to change passwords.

"poison navy series ruler handshake papaya" is a fantastic password.

"Ilovemygrandkids!123" is a horrible password.

[–] danwardvs 21 points 1 year ago* (last edited 1 year ago) (1 children)

You know somebody has to link this.

https://xkcd.com/936/

[–] [email protected] 3 points 1 year ago (1 children)

That's why I use IncorrectBatteryHorseStaple

They'll never figure that one out

[–] [email protected] 0 points 1 year ago (1 children)
[–] [email protected] 3 points 1 year ago

You just linked the same thing that the thing you responded to responded to had linked!

load more comments (11 replies)
load more comments (31 replies)
load more comments (32 replies)