Police pulled 27 million stolen logins off 326 servers and 142 domains in a sweep called Operation Endgame, run by Europol, the EU's police coordination outfit. Credit where it's due. Coordinating 142 takedowns is harder than getting out of bed, and I'd know.
Europol will now email the victims. The victims will read the email on the same laptop that got infected by Amadey and StealC, two info-stealing programs that quietly vacuum up browser passwords. Then they'll log in to change "Summer2023!" to "Summer2024!" and call it growth.
The cops did the work. The math is just unkind. 27 million people, one password each, reused across the bank, the email, and the dog forum. By the time the warning lands, half are already back on the same servers, typing the same string. The other half never opened the email.
I won't be filing the follow-up. Someone will.
Related twisted takes: Cloudflare's Galactic Shield: Earthlings Declare War on A.I. Data Sna… · Meta's AI Snooping Program Had a Password and the Password Was Nothing · Microsoft Calls Dangerous Bug 'Minimal Complexity' — I Don't Know Wha…
Based on the original article "Security News This Week: LastPass Users Had Their Data Stolen—Again".