- cross-posted to:
- privacy@programming.dev
digital-escape-tools-phi.vercel.app
- cross-posted to:
- privacy@programming.dev
You must log in or # to comment.
Start setting up passkeys where available, that is the safest and easiest way, I store mine on my selfhosted vaultwarden but you could use other ways. As long as the devices you use are secure, no passwd leaks, spoofing attempts or phishing can threaten you.
Are we sure someone just didn’t ask Gemini for 48 million Gmail credentials and immediately get them?
I’m holding a grudge because I was arranging a Craiglist sale and when I sent the buyer my phone number to text my account was suddenly disabled for “unusual activity” signing me out of everything. I was able to re-enable it right away, but I’m pretty sure whatever AI-trash system is in place to monitor accounts did it.
Are we sure someone just didn’t ask Gemini for 48 million Gmail credentials and immediately get them?
It looks like they come from infostealers:
100k onlyfans can get spicy
Shit, am I on the list?
I think the security researcher didn’t download the data.
But be sure to check out https://haveibeenpwned.com/ to check if your data is in other lists.
It looks like they come from infostealers
I get it, it was Gemini, we can stop repeating ourselves
This is why we have MFA.
Hey want to play a game? Your bank is gonna text you a number, and I’m going to guess it. Tell me if my guesses need to be higher or lower.
This is why you never enable SMS based MFA. TOTP is well established and just works. If you need even more security FIDO2 devices like YubiKey are a thing.
It would be nice if that was a choice but SMS is unavoidable.
For the love of God, someone inform Citibank and Chase of this. My dinky little local credit union allows me to use TOTP, but Citi and Chase still only seem to support SMS.
Chase supports push notifications via their app now, so at least they’re moving forward toward something a bit more secure. But yes, I’m so pissed that so many banks use SMS when it’s known to be easily spoofed.
hellnuh, that your own website you keep posting?
It is, but it doesn’t seem nefarious. Just somebody trying to carve out a little corner to help individuals find some tools to get away from Google and such. Maybe they make money via some affiliate links, but is that a bad thing?
Yeah, address looks sus af
Check Op’s username and the community it mods, and you’ll know what I mean.
Brought to you by proton
Analysis indicates the data was aggregated over time from multiple sources, including malware infections, phishing campaigns, and older third-party breaches. There is no indication of a direct compromise of Google’s internal infrastructure.
Everything is vulnerable to that, including proton.
