[alxlaz]

From the linked article:

> user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware.

So this isn't from website dumps with plaintext passwords.

[trollbridge]

If I did highly secure work (which I don’t), I’d set up a few honeypot machines and input my “secure credentials” (with a bogus password) into that repeatedly.

[alxlaz]

Yeah, inputing "secure credentials" traceable directly to you with what you'd hope is a bogus password is a very bad idea, especially if you're doing highly secure work.

[trollbridge]

"Hope"? Generate random text, repeatedly type it in with AutoHotKey on honeypot machine, whatever rootkits are on there get garbled, useless data.

[alxlaz]

These aren't local credentials, these are credentials from various third-party websites that made their way into stealer logs. Garbled or not, using your personal email address for both legitimate purposes (e.g. Google Calendar, as the article points out) and honeypots isn't the best idea.

[lostmsu]

Them not naming the sites is pretty telling.

[alxlaz]

They're linking to the original source of the news, which literally names "the sites".

[lostmsu]

No it does not. What sites appeared in the "stealer logs" with his email?

[alxlaz]

Ah, I thought you meant what sites list the stolen credentials. The exact overlap of websites across four separate stealer logs is enough to leak an email address pretty reliably. The only thing that's "telling" for is that they're not willing to dox this person.