[worldfoodgood]

> Oh - and 1.3 billion unique passwords, 625 million of which we'd never seen before either.

It's not just email addresses. It's address + password combos.

But also, how did 2 billion email addresses get exposed? Assuming I give an email address to a company (and only that company) if someone gets access to that email addresss they either got it from me or that company. Knowing the company has sold, lost, or poorly protected my email address tells me they are maybe not worth working with in the future.

[buzer]

> But also, how did 2 billion email addresses get exposed?

The list contains emails which have been part of some other breaches. In my domain I have 2 emails that were exposed that weren't my normal email address. One of them was a typo that I used sign up for one service which was later breached. The other one was something someone used to register to service that I have never used & that service was later breached. Those emails have never been used for anything else as far as I'm aware.

Of course judging from what posted there are likely some other services as well which were breached but wasn't noticed/published until now.

[zwnow]

Yea a combo is more problemtic, I could see why thats an issue. Most important stuff in my life has 2FA with my phone thankfully. My banking password got breached like 3 years ago and i still didnt change it... nothing ever happened. I am guessing tech companies that could have huge negative influence on your life should have additional security measures in place, like not allowing a login from a different country unless some kinda mobile code is provided or stuff like that. I'm pretty naive with all that tbh.