Security Breach: 15 Billion Stolen Logins Goes Viral On The Dark Web

After CHINA ‘IMPOSED’ a restrictive national security law on Hong Kong, tech companies find themselves at a crossroads. Giants like Google and Facebook stopped responding to requests for user data in the city, but may eventually have to pull out altogether.

One marquee name to exit Hong Kong already is TikTok, which remains eager to prove its distance from its China-based parent company. TikTok also found itself embroiled in a confusing episode on Friday, when an internal Amazon email indicated that the company was ordering employees to remove the app from their phones; hours later, Amazon stated that the email was sent in error. Hate it when the drafts go live, especially when they cause an international furor.

The world of Super Smash Bros. was also thrown into turmoil this week, as dozens of members of the community came forward with allegations of sexual misconduct. Elsewhere, Russian criminal gangs are getting into business email compromise—a fancy term for phishing scams—which can only end well. And hackers are actively exploiting a vulnerability in BIG-IP networking equipment, which will only end worse.

It wasn’t all bad news. Microsoft seized a bunch of domains tied to BEC activity. The robo-lawyer DoNotPay added a new service that not only unsubscribes you from marketing emails, but signs you up for any class action lawsuits against the company that was spamming you. We also walked through how to passcode-lock any app on your phone.

Dark Web Audit Finds 15 Billion Stolen Credentials

It’s no secret that hacker forums on the dark web are teeming with stolen credentials. But a recent audit from security firm Digital Shadows has put a number on just how large a problem that’s become. The data loss detection firm found 15 billion login pairs—user names and passwords—stemming from 100,000 breaches. Five billion of those were unique. The survey also details pricing, which varies widely based on how recent the breach is and what type of site it accesses. Financial services and banking passwords, unsurprisingly, command a much higher sum than file sharing or video game accounts. As always, WIRED recommends using a password manager to minimize the fallout when a company coughs up your sign-in info