Passwords need to go. At the rate we’re seeing all these system breaches taking place, it might be time to consider ditching passwords for good. If you needed more convincing, then check this out. Security researcher Jeremiah Fowler has encountered a public database containing the login credentials for Apple, Microsoft, Google, and Facebook accounts as part of a data breach.
Apple, Google, Microsoft data breach
According to Fowler, he stumbled across a public and unsecured database on the Internet. This database contains login credentials of users from some of the biggest tech companies in the world, including Apple, Google, Microsoft, and Facebook. It is estimated that the database holds 184 million unique records.
This includes emails, usernames, passwords, and direct login URLs. However, this isn’t part of some massive data breach. It is speculated that it could be a consolidated database from phishing campaigns and identity thefts over the years. The fact that the database is unsecured means that anyone, and we mean literally anyone, can view it and access its contents.
So, if you suspect you might have had your information stolen at some point in time, now’s a good time to update your login credentials. Also, as Fowler points out, it might be a good time to start clearing out your email inbox, too.
“Many people unknowingly treat their email accounts like free cloud storage and keep years’ worth of sensitive documents, such as tax forms, medical records, contracts, and passwords without considering how sensitive they are. This could create serious security and privacy risks if criminals were to gain access to thousands or even millions of email accounts.”
Living in a password-free world
The combination of usernames and passwords has existed for decades. However, it is an imperfect system. Hackers use all sorts of methods to extract passwords, including brute force attacks, phishing campaigns, trojans, keyloggers, and more. The next best thing would be to secure your account further using two-factor authentication.
This generates a one-time password that is sent to an authorized device, like your phone. It is a better solution unless hackers have found a way to intercept your phone or conduct a SIM swap attack. But even then, it’s not foolproof. This is why many tech companies, such as Apple and Google, have adopted passkeys.
This uses your phone’s biometrics to authenticate you when you log into online services. Adoption of passkeys isn’t as widespread as we would like yet, but it’s getting there.
2025-06-18 15:04:32