{"id":712,"date":"2025-06-23T10:01:38","date_gmt":"2025-06-23T14:01:38","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=712"},"modified":"2025-06-23T10:02:07","modified_gmt":"2025-06-23T14:02:07","slug":"old-breaches-new-threats","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2025\/06\/23\/old-breaches-new-threats\/","title":{"rendered":"Old Breaches, New Threats: Why You Should Still Care About Leaked Passwords"},"content":{"rendered":"<p data-start=\"184\" data-end=\"412\">A huge collection of <strong data-start=\"205\" data-end=\"243\">16 billion usernames and passwords<\/strong> has been found online\u2014stolen from past breaches and malware attacks. Big names like <strong data-start=\"328\" data-end=\"378\">Google, Apple, Facebook, and even universities<\/strong> are among the platforms included.<\/p>\n<p data-start=\"414\" data-end=\"620\">But here&#8217;s the important part:<\/p>\n<ul>\n<li data-start=\"414\" data-end=\"620\">These aren&#8217;t new hacks\u2014it&#8217;s old data being reused by criminals to break into accounts.<\/li>\n<li data-start=\"414\" data-end=\"620\">If you reuse passwords, your school, email, or bank accounts could be at risk.<\/li>\n<\/ul>\n<hr \/>\n<h2>Has My School Account been Breached?<\/h2>\n<p><span style=\"font-weight: 400\">At this time we have no reason to believe ÌÇÐÄvlog passwords have been compromised. However, if you use your Montclair email and password for other services, your account may be at risk.<\/span><\/p>\n<hr \/>\n<h2 data-start=\"97\" data-end=\"124\">How This Affects You<\/h2>\n<p data-start=\"126\" data-end=\"256\">Even if you weren\u2019t part of a recent breach, your <strong data-start=\"176\" data-end=\"218\">old passwords might still be out there<\/strong>\u2014and cybercriminals are using them to:<\/p>\n<ul data-start=\"258\" data-end=\"543\">\n<li data-start=\"258\" data-end=\"338\">\n<p data-start=\"260\" data-end=\"338\"><strong data-start=\"260\" data-end=\"316\">Break into student portals, email, and bank accounts<\/strong> using reused logins<\/p>\n<\/li>\n<li data-start=\"339\" data-end=\"405\">\n<p data-start=\"341\" data-end=\"405\"><strong data-start=\"341\" data-end=\"403\">Send phishing emails from hacked student or staff accounts<\/strong><\/p>\n<\/li>\n<li data-start=\"406\" data-end=\"465\">\n<p data-start=\"408\" data-end=\"465\"><strong data-start=\"408\" data-end=\"463\">Access cloud storage, classwork, and personal files<\/strong><\/p>\n<\/li>\n<li data-start=\"466\" data-end=\"543\">\n<p data-start=\"468\" data-end=\"543\"><strong data-start=\"468\" data-end=\"541\">Target you with scams that look more real because they have your info<\/strong><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"545\" data-end=\"656\">If you\u2019ve ever reused a password, or used the same one for years, you could be at risk without even knowing it.<\/p>\n<p data-start=\"658\" data-end=\"723\"><strong data-start=\"658\" data-end=\"723\">It\u2019s not about if you were hacked\u2014it\u2019s about what you reused.<\/strong><\/p>\n<hr \/>\n<h2 data-start=\"627\" data-end=\"654\"><strong data-start=\"634\" data-end=\"654\">How to Stay Safe<\/strong><\/h2>\n<ol data-start=\"655\" data-end=\"1088\">\n<li data-start=\"655\" data-end=\"734\">\n<p data-start=\"658\" data-end=\"734\"><strong data-start=\"658\" data-end=\"689\">Change any reused passwords<\/strong>\u2014especially your school and email accounts.<\/p>\n<ul data-start=\"655\" data-end=\"1088\">\n<li data-start=\"655\" data-end=\"734\"><a href=\"https:\/\/iams-amc.montclair.edu\/page-intro\">NetID Account Management Center<\/a><\/li>\n<\/ul>\n<\/li>\n<li data-start=\"735\" data-end=\"816\">\n<p data-start=\"738\" data-end=\"816\"><strong data-start=\"738\" data-end=\"764\">Use a password manager<\/strong> to keep strong, unique passwords for every login.<\/p>\n<ul data-start=\"655\" data-end=\"1088\">\n<li data-start=\"735\" data-end=\"816\">Examples:\n<ul data-start=\"655\" data-end=\"1088\">\n<li data-start=\"735\" data-end=\"816\"><a href=\"https:\/\/www.lastpass.com\/\">LastPass<\/a><\/li>\n<li data-start=\"735\" data-end=\"816\"><a href=\"https:\/\/1password.com\/\">1Password<\/a><\/li>\n<li data-start=\"735\" data-end=\"816\"><a href=\"https:\/\/www.dashlane.com\/\">Dashlane<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"817\" data-end=\"910\">\n<p data-start=\"820\" data-end=\"910\"><strong>Turn on Multi-Factor Authentication for all accounts (like<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/duo-mfa\/\"> Duo<\/a> or other authenticators)<\/strong><span style=\"font-weight: 400\">\u2014 Add MFA wherever it\u2019s offered including your banks, social media, etc. this blocks hackers even if they have your password.<\/span><\/p>\n<ul data-start=\"655\" data-end=\"1088\">\n<li data-start=\"817\" data-end=\"910\"><a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/duo-mfa\/\">Duo<\/a> isn&#8217;t just for your ÌÇÐÄvlog account, you can use it for your personal accounts too!<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"911\" data-end=\"996\">\n<p data-start=\"914\" data-end=\"996\"><strong data-start=\"914\" data-end=\"930\">Try passkeys<\/strong> if your device supports them (safer and easier than passwords).<\/p>\n<ul data-start=\"655\" data-end=\"1088\">\n<li data-start=\"911\" data-end=\"996\"><a href=\"https:\/\/safety.google\/authentication\/passkey\/\">Google Passkey<\/a><\/li>\n<li data-start=\"911\" data-end=\"996\"><a href=\"https:\/\/support.apple.com\/guide\/iphone\/use-passkeys-to-sign-in-to-websites-and-apps-iphf538ea8d0\/ios\">Apple<\/a><\/li>\n<\/ul>\n<\/li>\n<li data-start=\"997\" data-end=\"1088\">\n<p data-start=\"1000\" data-end=\"1088\"><strong data-start=\"1000\" data-end=\"1035\">Check if your info is out there<\/strong> at <a rel=\"noopener\" href=\"https:\/\/haveibeenpwned.com\" target=\"_new\" class=\"\" data-start=\"1039\" data-end=\"1087\">haveibeenpwned.com<\/a>.<\/p>\n<ul data-start=\"655\" data-end=\"1088\">\n<li data-start=\"997\" data-end=\"1088\">Service providers typically contact users via email or mail in cases of compromise.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h3 data-start=\"1095\" data-end=\"1113\">Reminder:<\/h3>\n<p data-start=\"1114\" data-end=\"1244\">If you get a suspicious email, <strong data-start=\"1145\" data-end=\"1181\">use the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Phish Alert Button (PAB)<\/a><\/strong> to report it\u2014one click helps protect you and our whole campus.<\/p>\n<hr \/>\n<h2 data-start=\"141\" data-end=\"175\"><strong data-start=\"148\" data-end=\"173\">Old Hacks, New Danger<\/strong><\/h2>\n<p data-start=\"176\" data-end=\"230\"><strong data-start=\"176\" data-end=\"230\">Why 16 Billion Leaked Passwords Still Matter Today<\/strong><\/p>\n<p data-start=\"232\" data-end=\"328\"><em data-start=\"235\" data-end=\"328\">The data in the massive 2024 leak came from past breaches. Here\u2019s where some of it started:<\/em><\/p>\n<ol>\n<li data-start=\"335\" data-end=\"447\"><strong data-start=\"338\" data-end=\"346\">2012<\/strong> \u2013 <strong data-start=\"349\" data-end=\"361\">LinkedIn<\/strong>\n<ul>\n<li data-start=\"335\" data-end=\"447\">117 million passwords stolen<\/li>\n<li data-start=\"335\" data-end=\"447\">Many people still reuse these credentials today.<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"449\" data-end=\"564\"><strong data-start=\"452\" data-end=\"465\">2013\u20132014<\/strong> \u2013 <strong data-start=\"468\" data-end=\"477\">Yahoo<\/strong>\n<ul>\n<li data-start=\"449\" data-end=\"564\">3 billion accounts compromised<\/li>\n<li data-start=\"449\" data-end=\"564\">One of the largest data breaches ever recorded.<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"566\" data-end=\"701\"><strong data-start=\"569\" data-end=\"577\">2013<\/strong> \u2013 <strong data-start=\"580\" data-end=\"589\">Adobe<\/strong>\n<ul>\n<li data-start=\"566\" data-end=\"701\">153 million usernames and encrypted passwords leaked<\/li>\n<li data-start=\"566\" data-end=\"701\">Popular among users using Adobe Creative Cloud.<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"703\" data-end=\"855\"><strong data-start=\"706\" data-end=\"714\">2016<\/strong> \u2013 <strong data-start=\"717\" data-end=\"745\">Myspace, Dropbox, Tumblr<\/strong>\n<ul>\n<li data-start=\"703\" data-end=\"855\">Hundreds of millions of accounts exposed<\/li>\n<li data-start=\"703\" data-end=\"855\">Even old, unused accounts can be used to reset current ones.<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"857\" data-end=\"1009\"><strong data-start=\"860\" data-end=\"873\">2019\u20132021<\/strong> \u2013 <strong data-start=\"876\" data-end=\"907\">Facebook, Twitter, and more<\/strong>\n<ul>\n<li data-start=\"857\" data-end=\"1009\">Personal data like phone numbers and emails leaked<\/li>\n<li data-start=\"857\" data-end=\"1009\">Used in phishing scams and identity theft.<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"1011\" data-end=\"1165\"><strong data-start=\"1014\" data-end=\"1023\">2020s<\/strong> \u2013 <strong data-start=\"1026\" data-end=\"1059\">Infostealer malware campaigns<\/strong>\n<ul>\n<li data-start=\"1011\" data-end=\"1165\">Malware silently collects passwords from infected devices<\/li>\n<li data-start=\"1011\" data-end=\"1165\">No platform is \u201chacked\u201d\u2014your device is.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<hr \/>\n<h2>Final Thoughts<\/h2>\n<p data-start=\"180\" data-end=\"347\">This massive leak is a wake-up call for all of us. Even if the data is old, the risks are real and out there.<\/p>\n<p data-start=\"349\" data-end=\"551\">Taking just a few minutes to <strong data-start=\"378\" data-end=\"410\">check if you\u2019ve been exposed<\/strong>, <strong data-start=\"412\" data-end=\"437\">update your passwords<\/strong>, and <strong data-start=\"443\" data-end=\"480\">turn on two-factor authentication for all of your accounts<\/strong>\u00a0can save you from weeks\u2014or even years\u2014of stress from a hacked account.<\/p>\n<p data-start=\"553\" data-end=\"653\">Cybersecurity isn\u2019t just an IT problem. It\u2019s a <strong data-start=\"600\" data-end=\"628\">community responsibility<\/strong>, and it starts with you.<\/p>\n<hr \/>\n<h2 data-start=\"553\" data-end=\"653\">Want to Know More?<\/h2>\n<p>ZDNet | <a href=\"https:\/\/www.zdnet.com\/article\/16-billion-passwords-leaked-across-apple-google-more-what-to-know-and-how-to-protect-yourself\/\">16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself<\/a><\/p>\n<p>cybernews | <a href=\"https:\/\/cybernews.com\/security\/billions-credentials-exposed-infostealers-data-leak\/\">16 billion passwords exposed in record-breaking data breach, opening access to Facebook, Google, Apple, and any other service imaginable<\/a><\/p>\n<p>BleepingComputer | <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/no-the-16-billion-credentials-leak-is-not-a-new-data-breach\/\">No, the 16 billion credentials leak is not a new data breach<\/a><\/p>\n<p>ConsumerAffairs | <a href=\"https:\/\/www.consumeraffairs.com\/news\/attention-your-passwords-are-probably-for-sale-on-the-dark-web-062325.html\">Attention, your passwords are probably for sale on the dark web<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A huge collection of 16 billion usernames and passwords has been found online\u2014stolen from past breaches and malware attacks. Big names like Google, Apple, Facebook, and even universities are among the platforms included. But here&#8217;s the important part: These aren&#8217;t new hacks\u2014it&#8217;s old data being reused by criminals to break into accounts. If you reuse [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":222,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-712","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=712"}],"version-history":[{"count":1,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/712\/revisions"}],"predecessor-version":[{"id":713,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/712\/revisions\/713"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/222"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}