top | item 43935187

(no title)

alxlaz | 9 months ago

From the linked article:

> user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware.

So this isn't from website dumps with plaintext passwords.

discuss

trollbridge|9 months ago

If I did highly secure work (which I don’t), I’d set up a few honeypot machines and input my “secure credentials” (with a bogus password) into that repeatedly.

alxlaz|9 months ago

Yeah, inputing "secure credentials" traceable directly to you with what you'd hope is a bogus password is a very bad idea, especially if you're doing highly secure work.

lostmsu|9 months ago

Them not naming the sites is pretty telling.

alxlaz|9 months ago

They're linking to the original source of the news, which literally names "the sites".