{"version":"1.0.0","segments":[{"startTime":0.08,"endTime":3.84,"body":"Welcome to the tech tip podcast with Greg Doig, where we filter out the"},{"startTime":3.84,"endTime":7.359,"body":"noise and serve up the week's essential tech news, tips, and"},{"startTime":7.359,"endTime":11.04,"body":"guides. Today, we're pouring a perfect blend of tech topics and"},{"startTime":11.04,"endTime":14.755,"body":"digital innovations that matter to you. Welcome back, everyone."},{"startTime":14.755,"endTime":18.595,"body":"I'm Greg Doigan. If you're listening to this, there's a real chance that"},{"startTime":18.595,"endTime":22.035,"body":"your Apple ID, Google account, or dozens of other"},{"startTime":22.035,"endTime":25.575,"body":"login credentials are sitting in the database that was recently"},{"startTime":25.795,"endTime":29.52,"body":"exposed to the entire Internet. I'm not talking about a"},{"startTime":29.52,"endTime":33.04,"body":"theoretical hack or some distant threat. I'm talking about a"},{"startTime":33.04,"endTime":36.64,"body":"84,000,000 real usernames and passwords that"},{"startTime":36.64,"endTime":39.86,"body":"were just sitting there unprotected for anyone to download."},{"startTime":40.559,"endTime":44.02,"body":"No encryption. No password protection just out there."},{"startTime":44.535,"endTime":48.315,"body":"This is one of the biggest credential exposures we've seen this year,"},{"startTime":48.375,"endTime":52.074,"body":"and somehow it's flying under the radar while everyone's distracted"},{"startTime":52.214,"endTime":55.894,"body":"by AI drama and tech layoffs. So today, we're gonna"},{"startTime":55.894,"endTime":59.57,"body":"break down exactly what happened, how your data probably got stolen in the"},{"startTime":59.57,"endTime":63.25,"body":"first place, and most importantly, what you need to do right"},{"startTime":63.25,"endTime":66.85,"body":"now to protect yourself. Because here's the thing. This"},{"startTime":66.85,"endTime":70.45,"body":"wasn't a sophisticated nation state attack on Apple or Google"},{"startTime":70.45,"endTime":74.295,"body":"servers. This was something much more insidious, and it's happening"},{"startTime":74.295,"endTime":77.835,"body":"to millions of people every single day without them even knowing it."},{"startTime":78.215,"endTime":81.515,"body":"So let's start with how this massive exposure was discovered."},{"startTime":82.135,"endTime":85.275,"body":"In May 2025, cybersecurity researcher,"},{"startTime":86.08,"endTime":89.84,"body":"Jeremiah Fowler, and if you follow data breach news,"},{"startTime":89.84,"endTime":93.6,"body":"you've probably heard his name before, was doing what he does"},{"startTime":93.6,"endTime":97.06,"body":"best, hunting for exposed databases on the Internet."},{"startTime":97.52,"endTime":101.315,"body":"And boy, did he find one. Picture this, a 47"},{"startTime":101.315,"endTime":105.095,"body":"gigabyte database just sitting there on the Internet completely unprotected."},{"startTime":105.795,"endTime":109.635,"body":"No password required. No encryption. You could literally just"},{"startTime":109.635,"endTime":112.535,"body":"navigate to it in your web browser and start downloading."},{"startTime":113.36,"endTime":114.48,"body":"And inside, a"},{"startTime":114.48,"endTime":118.96,"body":"84,162,718"},{"startTime":118.96,"endTime":122.8,"body":"unique usernames and passwords. To put that in perspective,"},{"startTime":122.8,"endTime":126.64,"body":"that's roughly half the population of The United States, and these"},{"startTime":126.64,"endTime":130.205,"body":"weren't fake accounts or test data. These were real working"},{"startTime":130.264,"endTime":134.025,"body":"credentials for some of the biggest platforms on the Internet. We're talking"},{"startTime":134.025,"endTime":137.805,"body":"Apple IDs, Google accounts, Microsoft logins, Facebook,"},{"startTime":138.025,"endTime":141.405,"body":"Instagram, Snapchat, Discord, Netflix,"},{"startTime":141.625,"endTime":145.22,"body":"PayPal, the works. But it gets worse. This"},{"startTime":145.22,"endTime":148.9,"body":"database also contained credentials for banking platforms, health"},{"startTime":148.9,"endTime":152.66,"body":"care portals, and even government websites from 29 different"},{"startTime":152.66,"endTime":156.5,"body":"countries. When followers spot checks some of the data by reaching"},{"startTime":156.5,"endTime":160.045,"body":"out to people whose emails were in the database, they"},{"startTime":160.045,"endTime":163.885,"body":"confirmed, yes, these were real passwords. Now"},{"startTime":163.885,"endTime":167.245,"body":"here's where this story gets really interesting because this wasn't a"},{"startTime":167.245,"endTime":170.545,"body":"traditional data breach. Apple didn't get hacked."},{"startTime":170.685,"endTime":174.25,"body":"Google's servers weren't compromised. Facebook security"},{"startTime":174.25,"endTime":177.69,"body":"wasn't breached. Instead, this appears to be the work of something"},{"startTime":177.69,"endTime":181.53,"body":"called info stealer malware. And if you're not familiar with this"},{"startTime":181.53,"endTime":185.37,"body":"term, you need to be because it's becoming one of the biggest threats facing regular"},{"startTime":185.37,"endTime":188.865,"body":"Internet users today. Infostealer malware is"},{"startTime":188.865,"endTime":192.545,"body":"exactly what it sounds like, malicious software designed to steal"},{"startTime":192.545,"endTime":196.305,"body":"information from your computer. But these aren't the clunky, obvious"},{"startTime":196.305,"endTime":200.065,"body":"viruses of the past. These are sophisticated, silent programs that can"},{"startTime":200.065,"endTime":203.17,"body":"run on your machine for months without you ever knowing they're there."},{"startTime":203.55,"endTime":207.23,"body":"Here's how they work. You get infected usually through a phishing"},{"startTime":207.23,"endTime":210.83,"body":"email, a malicious website, or by downloading cracked"},{"startTime":210.83,"endTime":214.43,"body":"software. The malware quietly installs itself and then gets to"},{"startTime":214.43,"endTime":217.895,"body":"work. It's looking through your web browsers for saved passwords."},{"startTime":218.275,"endTime":222.115,"body":"It's grabbing your autofill data. It's taking screenshots when you log"},{"startTime":222.115,"endTime":225.475,"body":"in to sensitive sites. Some variants even steal"},{"startTime":225.475,"endTime":228.89,"body":"cryptocurrency wallet files. And the real scary part,"},{"startTime":229.189,"endTime":233.03,"body":"according to IBM's latest threat intelligence report, phishing"},{"startTime":233.03,"endTime":236.709,"body":"emails delivering info stealers surged by 84% in"},{"startTime":236.709,"endTime":239.829,"body":"2024. Checkpoint Security found a"},{"startTime":239.829,"endTime":243.049,"body":"58% increase in info stealer attacks overall."},{"startTime":243.455,"endTime":247.295,"body":"And get this, there are currently over 10,000,000 stolen steeler"},{"startTime":247.295,"endTime":250.895,"body":"logs being traded on underground markets right now. That's"},{"startTime":250.895,"endTime":254.515,"body":"10,000,000 collections of stolen data from infected computers"},{"startTime":254.895,"endTime":258.61,"body":"just being bought and sold like commodities. So what"},{"startTime":258.61,"endTime":262.229,"body":"we're looking at here isn't one massive data breach, but the accumulation"},{"startTime":262.449,"endTime":266.13,"body":"of potentially millions of individual infections. Every"},{"startTime":266.13,"endTime":269.889,"body":"time someone gets hit by info stealer malware, their credentials get"},{"startTime":269.889,"endTime":273.49,"body":"added to these massive databases that criminals use to fuel further"},{"startTime":273.49,"endTime":277.055,"body":"attacks. And the scope of this particular database was"},{"startTime":277.055,"endTime":280.755,"body":"staggering. In just a small sample of 10,000 records,"},{"startTime":281.135,"endTime":284.735,"body":"researchers found credentials for over 850"},{"startTime":284.735,"endTime":288.199,"body":"Google and Facebook accounts, hundreds of Roblox,"},{"startTime":288.5,"endTime":291.78,"body":"Discord, Microsoft, Netflix, and PayPal accounts, and"},{"startTime":291.78,"endTime":295.46,"body":"220 government email addresses with .gov"},{"startTime":295.46,"endTime":299.155,"body":"domains. But here's what really keeps me up at night. We have no"},{"startTime":299.155,"endTime":302.915,"body":"idea how long this database was exposed before Fowler found"},{"startTime":302.915,"endTime":306.675,"body":"it. Could have been days, could have been months, and we don't know if other"},{"startTime":306.675,"endTime":309.735,"body":"malicious actors downloaded it before it was taken offline."},{"startTime":310.435,"endTime":313.83,"body":"The hosting provider, World Host Group, did take it down"},{"startTime":313.83,"endTime":317.35,"body":"immediately after being notified, but the damage may already be"},{"startTime":317.35,"endTime":321.03,"body":"done. This data is probably already being sold on dark web"},{"startTime":321.03,"endTime":324.389,"body":"marketplaces and used for credential stuffing attacks as we"},{"startTime":324.389,"endTime":328.194,"body":"speak. Alright. So let's talk about what this actually means for"},{"startTime":328.194,"endTime":332.035,"body":"you, the listener. If you use the Internet, and I'm gonna assume that you"},{"startTime":332.035,"endTime":335.474,"body":"do since you're listening to a tech podcast, there's a real"},{"startTime":335.474,"endTime":339.3,"body":"possibility your credentials were in this database. The big concern"},{"startTime":339.3,"endTime":343.08,"body":"here isn't just that someone might log into your Instagram account and post embarrassing"},{"startTime":343.139,"endTime":346.76,"body":"photos, it's what security experts call credential stuffing."},{"startTime":347.38,"endTime":351.224,"body":"See, most people reuse passwords across multiple sites. So"},{"startTime":351.224,"endTime":354.824,"body":"if a cybercriminal gets your Netflix password, the first thing they're gonna"},{"startTime":354.824,"endTime":358.344,"body":"try is that same email and password combination on your"},{"startTime":358.344,"endTime":361.724,"body":"bank's website. Your Amazon account, your work email,"},{"startTime":361.944,"endTime":365.56,"body":"everywhere. This is why security experts have been screaming"},{"startTime":365.56,"endTime":369.24,"body":"about password reuse for years. It's not just that one account"},{"startTime":369.24,"endTime":372.92,"body":"gets compromised, it's that criminals can potentially access your entire"},{"startTime":372.92,"endTime":376.335,"body":"digital life. And if your credentials were used for more"},{"startTime":376.335,"endTime":379.855,"body":"sensitive accounts, say a work email that gives access to corporate"},{"startTime":379.855,"endTime":383.695,"body":"systems or a government portal or a health care platform with your"},{"startTime":383.695,"endTime":387.455,"body":"medical records, the implications get really serious really"},{"startTime":387.455,"endTime":391.17,"body":"fast. There's also the identity theft angle. With"},{"startTime":391.17,"endTime":394.77,"body":"access to your email account, criminals can often reset passwords for other"},{"startTime":394.77,"endTime":398.31,"body":"services, intercept two factor authentication codes,"},{"startTime":398.45,"endTime":402.21,"body":"and basically take over your digital identity. So let me get a bit"},{"startTime":402.21,"endTime":405.955,"body":"technical for a moment. Because understanding how Infostealer malware"},{"startTime":406.014,"endTime":409.615,"body":"works can help you protect yourself, these programs typically"},{"startTime":409.615,"endTime":413.294,"body":"use multiple collection methods. They're doing key logging, which"},{"startTime":413.294,"endTime":416.96,"body":"is recording every keystroke you make. They're dumping saved"},{"startTime":416.96,"endTime":420.56,"body":"credentials from your browser's password manager. They're grabbing"},{"startTime":420.56,"endTime":424.24,"body":"data from web forms before it even gets encrypted. And some of"},{"startTime":424.24,"endTime":427.919,"body":"them monitor your clipboard, which is particularly dangerous if you're"},{"startTime":427.919,"endTime":431.06,"body":"copying and pasting passwords or cryptocurrency addresses."},{"startTime":431.705,"endTime":435.385,"body":"The more advanced ones even do what's called man in the browser attacks, where"},{"startTime":435.385,"endTime":439.145,"body":"they inject malicious code directly into your web browser to"},{"startTime":439.145,"endTime":442.905,"body":"manipulate transactions in real time. Once they've collected"},{"startTime":442.905,"endTime":446.345,"body":"all this data, it gets compiled into what criminals call stealer"},{"startTime":446.345,"endTime":449.58,"body":"logs and transmitted to command and control servers."},{"startTime":450.04,"endTime":453.64,"body":"From there, it either gets sold on underground markets or used directly by"},{"startTime":453.64,"endTime":457.48,"body":"criminals who deployed the malware. The really insidious part is"},{"startTime":457.48,"endTime":461.1,"body":"how they're distributed. We're not talking about, obviously, malicious"},{"startTime":461.16,"endTime":464.855,"body":"files anymore. These things are often bundled with legitimate"},{"startTime":464.995,"endTime":468.355,"body":"looking software hidden in email attachments that look like"},{"startTime":468.355,"endTime":472.195,"body":"invoices or shipping notifications or embedded in websites"},{"startTime":472.195,"endTime":475.955,"body":"that have been compromised. And once you're infected, the malware is"},{"startTime":475.955,"endTime":479.789,"body":"designed to be as stealthy as possible. No pop ups, no obvious"},{"startTime":479.789,"endTime":483.569,"body":"signs of infection. It just quietly does its work in the background."},{"startTime":484.43,"endTime":488.27,"body":"Okay. Enough doom and gloom. Let's talk about what you can actually do"},{"startTime":488.27,"endTime":491.835,"body":"to protect yourself starting right now. First, assume you're"},{"startTime":491.835,"endTime":494.875,"body":"affected. I know that sounds paranoid, but with a"},{"startTime":494.875,"endTime":498.015,"body":"84,000,000 credentials in just this one database"},{"startTime":498.555,"endTime":502.395,"body":"and millions more in other breaches that happen constantly, the odds"},{"startTime":502.395,"endTime":505.8,"body":"are not in your favor. So here's some steps you can follow."},{"startTime":506.12,"endTime":509.58,"body":"Step one. Change your passwords, all of them."},{"startTime":509.879,"endTime":513.399,"body":"Start with the most critical accounts, your email, banking, work"},{"startTime":513.399,"endTime":517.08,"body":"accounts, anything with payment information. And here's the"},{"startTime":517.08,"endTime":520.865,"body":"key, make each password unique. Use a password"},{"startTime":520.865,"endTime":523.765,"body":"manager if you have to, but stop reusing passwords."},{"startTime":524.705,"endTime":528.465,"body":"Step two, enable two factor authentication everywhere you"},{"startTime":528.465,"endTime":531.905,"body":"can, and I mean everywhere. Your email, social media,"},{"startTime":531.905,"endTime":535.045,"body":"banking, shopping accounts, work systems, everything."},{"startTime":536.1,"endTime":539.94,"body":"If criminals have your password, two factor authentication makes it"},{"startTime":539.94,"endTime":543.24,"body":"exponentially harder for them to actually access your account."},{"startTime":543.94,"endTime":547.62,"body":"Step three, clean up your email account. Seriously, when was the"},{"startTime":547.62,"endTime":551.0,"body":"last time you went through your old emails and deleted sensitive information?"},{"startTime":551.915,"endTime":555.755,"body":"Financial documents, password reset emails, and anything with personal"},{"startTime":555.755,"endTime":559.514,"body":"information, get rid of it. As one security expert"},{"startTime":559.514,"endTime":563.274,"body":"put it, too many people treat their email like free cloud storage and"},{"startTime":563.274,"endTime":566.954,"body":"keep years worth of sensitive documents without thinking about how dangerous"},{"startTime":566.954,"endTime":570.37,"body":"that is. And step four, get serious about"},{"startTime":570.37,"endTime":574.13,"body":"antivirus and anti malware protection. I know some of you think"},{"startTime":574.13,"endTime":577.81,"body":"you're too smart to get infected, but info stealer malware is"},{"startTime":577.81,"endTime":581.65,"body":"getting increasingly sophisticated, and it only takes one moment"},{"startTime":581.65,"endTime":585.464,"body":"of inattention. And here's what really concerns me about this"},{"startTime":585.464,"endTime":588.845,"body":"story. It represents a fundamental shift in how cyber criminals"},{"startTime":588.904,"endTime":592.665,"body":"operate. Instead of trying to break into Apple or Google's heavily"},{"startTime":592.665,"endTime":596.265,"body":"fortified servers, they're going after individual users with"},{"startTime":596.265,"endTime":599.76,"body":"targeted malware campaigns. It's often easier, less"},{"startTime":599.76,"endTime":603.52,"body":"risky, and incredibly scalable. And the infrastructure for"},{"startTime":603.52,"endTime":607.36,"body":"this kind of crime has become increasingly professionalized. There"},{"startTime":607.36,"endTime":610.96,"body":"are malware as a service platforms where criminals can rent access to"},{"startTime":610.96,"endTime":614.714,"body":"info stealer malware. There are underground marketplaces where"},{"startTime":614.714,"endTime":618.315,"body":"stolen credentials are bought and sold like stocks. There are"},{"startTime":618.315,"endTime":621.935,"body":"entire criminal ecosystems built around harvesting and monetizing"},{"startTime":622.075,"endTime":625.8,"body":"your personal data. And the scary part, this is just what"},{"startTime":625.8,"endTime":629.4,"body":"we know about. For every exposed database like this one that"},{"startTime":629.4,"endTime":633.0,"body":"gets discovered and taken down, how many others are there out there that we"},{"startTime":633.0,"endTime":636.76,"body":"haven't found yet? This ties into another problem with how we think"},{"startTime":636.76,"endTime":640.405,"body":"about cybersecurity. We focus so much on the big headline"},{"startTime":640.405,"endTime":643.865,"body":"grabbing breaches, the Equifax hack, the Target breach,"},{"startTime":644.165,"endTime":647.845,"body":"the Facebook Cambridge Analytica scandal. But the reality"},{"startTime":647.845,"endTime":651.685,"body":"is that most people are probably losing their data through these smaller, more"},{"startTime":651.685,"endTime":655.5,"body":"targeted attacks that happen every single day. So where does"},{"startTime":655.5,"endTime":659.339,"body":"this leave us? Well, the good news is that companies are starting to take this"},{"startTime":659.339,"endTime":662.88,"body":"threat more seriously. Microsoft, for example,"},{"startTime":663.18,"endTime":666.805,"body":"recently announced they're switching to passkeys by default and"},{"startTime":666.805,"endTime":670.645,"body":"working to eliminate passwords entirely from their ecosystem. Apple"},{"startTime":670.645,"endTime":673.945,"body":"and Google are both investing heavily in more secure authentication"},{"startTime":674.165,"endTime":677.845,"body":"methods. But until we get to that password less future, we're"},{"startTime":677.845,"endTime":681.14,"body":"stuck with the current system. And that means the responsibility"},{"startTime":681.52,"endTime":685.36,"body":"falls on us, the users, to protect ourselves. The"},{"startTime":685.36,"endTime":688.98,"body":"other thing that gives me hope is that researchers like Jeremiah Fowler"},{"startTime":689.279,"endTime":693.12,"body":"are out there doing this work, finding these exposed databases and getting"},{"startTime":693.12,"endTime":696.815,"body":"them taken down before even more damage could be done. It's a"},{"startTime":696.815,"endTime":700.195,"body":"cat and mouse game, but at least there are people fighting the good fight."},{"startTime":700.654,"endTime":704.195,"body":"But we can't just rely on security researchers to save us."},{"startTime":704.334,"endTime":708.175,"body":"We need to take personal responsibility for our digital security because"},{"startTime":708.175,"endTime":711.75,"body":"the alternative is becoming a statistic in the next next massive credential"},{"startTime":712.449,"endTime":716.209,"body":"database that gets discovered. Look, I know this"},{"startTime":716.209,"endTime":719.889,"body":"has been a heavy episode. Nobody wants to think about the possibility that"},{"startTime":719.889,"endTime":722.87,"body":"their personal data is being sold on dark web marketplaces."},{"startTime":723.845,"endTime":727.285,"body":"But the reality is that this is the world we live in now, and ignoring"},{"startTime":727.285,"endTime":730.985,"body":"the problem doesn't make it go away. The silver lining,"},{"startTime":731.285,"endTime":735.125,"body":"if you take action now, change those passwords, enable two"},{"startTime":735.125,"endTime":738.61,"body":"factor authentication, clean up your digital footprint, you're"},{"startTime":738.61,"endTime":742.13,"body":"already ahead of 90% of Internet users who are still using"},{"startTime":742.13,"endTime":745.89,"body":"password one two three for everything. This stuff"},{"startTime":745.89,"endTime":749.65,"body":"matters. Your digital security isn't just about protecting your social media"},{"startTime":749.65,"endTime":753.285,"body":"accounts anymore. It's about protecting your financial information,"},{"startTime":753.665,"endTime":757.185,"body":"your work data, your personal communications, your entire"},{"startTime":757.185,"endTime":760.705,"body":"digital life. So do me a favor. Go and"},{"startTime":760.705,"endTime":764.31,"body":"change all your passwords, please. And it's gonna wrap up"},{"startTime":764.31,"endTime":767.67,"body":"today's episode. If this story freaked you out as much as it did"},{"startTime":767.67,"endTime":771.43,"body":"me, share it with someone who needs to hear it. The more people who"},{"startTime":771.43,"endTime":775.269,"body":"understand these threats, the harder it becomes for criminals to exploit"},{"startTime":775.269,"endTime":778.835,"body":"them. Until next time, stay secure out there."},{"startTime":780.735,"endTime":784.435,"body":"Thank you for tuning in to today's episode of tech tips with Greg Doig."},{"startTime":784.575,"endTime":788.415,"body":"If you found this information helpful, be sure to subscribe so you never"},{"startTime":788.415,"endTime":792.08,"body":"miss future episodes where we'll continue breaking down complex technology"},{"startTime":792.46,"endTime":796.06,"body":"into simple, actionable advice. You can also follow us at"},{"startTime":796.06,"endTime":799.76,"body":"gregdoig.com for more tech insights and quick solutions"},{"startTime":799.82,"endTime":803.6,"body":"to common tech problems. This has been Tech Tips with Greg Doig"},{"startTime":803.74,"endTime":807.579,"body":"proudly brought to you by WBBI, the voice of Beaver Island."},{"startTime":807.879,"endTime":811.639,"body":"Until next time, stay curious and keep your technology working for"},{"startTime":811.639,"endTime":813.659,"body":"you, not against you."}]}