Old Breaches, New Threats: Why You Should Still Care About Leaked Passwords
Posted in: News
A huge collection of 16 billion usernames and passwords has been found online—stolen from past breaches and malware attacks. Big names like Google, Apple, Facebook, and even universities are among the platforms included.
But here’s the important part:
- These aren’t new hacks—it’s old data being reused by criminals to break into accounts.
- If you reuse passwords, your school, email, or bank accounts could be at risk.
Has My School Account been Breached?
At this time we have no reason to believe Montclair State University passwords have been compromised. However, if you use your Montclair email and password for other services, your account may be at risk.
How This Affects You
Even if you weren’t part of a recent breach, your old passwords might still be out there—and cybercriminals are using them to:
-
Break into student portals, email, and bank accounts using reused logins
-
Send phishing emails from hacked student or staff accounts
-
Access cloud storage, classwork, and personal files
-
Target you with scams that look more real because they have your info
If you’ve ever reused a password, or used the same one for years, you could be at risk without even knowing it.
It’s not about if you were hacked—it’s about what you reused.
How to Stay Safe
-
Change any reused passwords—especially your school and email accounts.
-
Use a password manager to keep strong, unique passwords for every login.
-
Turn on Multi-Factor Authentication for all accounts (like Duo or other authenticators)— Add MFA wherever it’s offered including your banks, social media, etc. this blocks hackers even if they have your password.
- Duo isn’t just for your Montclair State University account, you can use it for your personal accounts too!
-
Try passkeys if your device supports them (safer and easier than passwords).
-
Check if your info is out there at haveibeenpwned.com.
- Service providers typically contact users via email or mail in cases of compromise.
Reminder:
If you get a suspicious email, use the Phish Alert Button (PAB) to report it—one click helps protect you and our whole campus.
Old Hacks, New Danger
Why 16 Billion Leaked Passwords Still Matter Today
The data in the massive 2024 leak came from past breaches. Here’s where some of it started:
- 2012 – LinkedIn
- 117 million passwords stolen
- Many people still reuse these credentials today.
- 2013–2014 – Yahoo
- 3 billion accounts compromised
- One of the largest data breaches ever recorded.
- 2013 – Adobe
- 153 million usernames and encrypted passwords leaked
- Popular among users using Adobe Creative Cloud.
- 2016 – Myspace, Dropbox, Tumblr
- Hundreds of millions of accounts exposed
- Even old, unused accounts can be used to reset current ones.
- 2019–2021 – Facebook, Twitter, and more
- Personal data like phone numbers and emails leaked
- Used in phishing scams and identity theft.
- 2020s – Infostealer malware campaigns
- Malware silently collects passwords from infected devices
- No platform is “hacked”—your device is.
Final Thoughts
This massive leak is a wake-up call for all of us. Even if the data is old, the risks are real and out there.
Taking just a few minutes to check if you’ve been exposed, update your passwords, and turn on two-factor authentication for all of your accounts can save you from weeks—or even years—of stress from a hacked account.
Cybersecurity isn’t just an IT problem. It’s a community responsibility, and it starts with you.
Want to Know More?
ZDNet | 16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself
BleepingComputer | No, the 16 billion credentials leak is not a new data breach
ConsumerAffairs | Attention, your passwords are probably for sale on the dark web