The largest hack in digital history happened a few days ago, the leak being larger than any country's population.

So change your passwords on every site, we wouldn't want to wake up to Side 7 being owned by Dr. Eggman now would we?

Passing this advice to you after a friend passed it to me to pass to others.

Good info, I just wish I didn't have to sign up to yet another website to read the article.

-- BK

Thanks for this, I might as well try to update my passwords bit by bit, since most of them need to be updated.

Article linked in the OP is paywalled so here's an alternative source. Cybernews also offers a password checker; see also Have I Been Pwned?.

Thank you.

-- BK

"10 billion passwords leaked in the largest compilation of all time"

• this leak is mostly previous old leaks combined with some fresh stuff
• a lot of it is just pure garbage
• quantity doesn't mean quality

is what I was able to gather from reading up on this online, so, maybe, let's fact check before giving advice and not cause unnecessary panic and waste people's time, next time.

I must admit some confusion. Is this "password database" just a collection of passwords people have used when these data breaches took place? Or are these passwords supposed to be associated with other information such as user logins or personal identifiers?

If we are talking about a massive attack by trying every password on this list, I started doing a little math. A password using just alpha-numeric characters with no regard for capitalization yields a combination of at least 78 billion sequences provided that a password does not exceed seven characters in length. If these characters are not allowed to repeat more than once in a sequence, it becomes 42 billion unique sequences. When capital letters are taken into account, a seven-character password with repeating characters comes to 3.5 trillion sequences and 2.5 trillion if characters can only be used once. These numbers increase exponentially the more characters you add.

Presumably, the danger in this list comes from the fact that people often use a simple word, name, or date because it is easy to remember. There are estimates of 170,000 to 220,000 words in English, up to 1 million words when accounting for different forms of terminology, jargon, words which have been modified by grammar or affixes, and foreign words of any limited usage in English. This list could clearly account for every word in English, but it is so far over that mark that there are additional features in use which this list is trying to account for. The number of words stacks when you add in other languages; Wiktionary has a little over 8 million pages for 4,400 languages, and I know that this does not account for all possible words in every language on the planet. And this number stacks again when you add additional securities such as a number or a symbol, multiplying the number of possibilities by 10 for just one number and continuing to multiply 10 for each following number. And, like I said, that's just if you add numbers to your password. The predictability of this list goes out the window if the sequence is not a word in any language or just a sequence of numbers.

Personally, I feel that this article is being unnecessarily paranoid just because it has a list of "passwords" from other people, passwords limited to a list of 10 billion unique sequences when the number of passwords that a user could possibly have can easily reach past that. While we're talking about people probably using a predictable sequence such as words or names, it seems that you only have to worry if you do not apply a bit of imagination to your passwords.

I misspell my passwords.