No google now has a unique one now but didn't when the incidents happened. On Sun, 8 Dec 2019, l0f...@tuta.io wrote:
> Date: Sun, 8 Dec 2019 12:55:12 > From: l0f...@tuta.io > To: John Hasler <jhas...@newsguy.com> > Cc: Debian User <debian-user@lists.debian.org> > Subject: Re: dropbox security situation > Resent-Date: Sun, 8 Dec 2019 17:55:26 +0000 (UTC) > Resent-From: debian-user@lists.debian.org > > Hi, > > 8 d?c. 2019 ? 14:47 de jhas...@newsguy.com: > > > Do you use the same username everywhere? It's common for criminals to > > collect lists of usernames and try them in combination with guessed > > passwords on as many services as possible. The yield is low but it's > > cost-effective for them because the process is fully automated using > > thousands of bots and many people use poor passwords. > > > It's called Password Reuse attacks or Password stuffing btw if you want to > get more information about it. > I've seen last week that some tools like PAF Credentials Checker > (https://github.com/kindredgroup/paf-credentials-checker) are developped to > detect potential use cases/occurrences to help mitigating the risks. > > Usual advice : use strong passwords (i.e. long enough with high entropy => > generated&stored in a dedicated password manager) AND 1 different per > service, never the same. > > Best regards, > l0f4r0 > > --