Scraped data of 2.6 million Duolingo users released on hacking forum - eviltoast

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

  • redw04@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    That’s why correcthorsebatterystaple is the best way to do passwords imo, just 4 random words with a random special character dividing them and a random number tacked onto the end. Good luck brute forcing that or using AI to guess 4 randomly generated words in the correct order.

    • stevedidWHAT@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      1 year ago

      we were talking about password changes, not creation though

      Guessing someone’s password with no prior history vs with an “averaged” prior history of the world/some large dataset are two different sized sets.

      If you’ve got a feel for how the majority of people are changing their passwords, guessing those passwords is significantly easier when compared to traditional brute force

      Edit:

      Passphrases are fairly good too but I want to see some real word examples of AI trained on some password dumps to see how much better it performs in comparison to traditional brute force and through targeted info gathering. I’m curious to see if there’s any user friendly techniques that’d work against AI specifically and it’s ability to find patterns most people wouldn’t pick up on