- Breach date: 16 October 2024
- Date added to HIBP: 7 November 2024
- Compromised accounts: 420,961
- Compromised data: Email addresses, Usernames
People commonly reuse the same usernames and passwords with an associated email. All that must be done is check breach data for matching email and username and then try the password from the list. You’ll likely find more than a few will be a match.
You are correct that people commonly reuse passwords. People are stupid after all. But in this case passwords weren’t taken because they were encrypted, so all they’ve got is user names and email addresses.
From the sounds of it, the database was actually pretty secure; the problem was the interface between the database and the website wasn’t. Good news is, because the database was secure, not a lot of sensitive information has been leaked.