How in the world did a crime ring of about a dozen Russian men hack 1.2 billion user name and password combinations - plus a half billion email addresses?
They did it by exploiting two major vulnerabilities many major online services have to hacking - 1) poorly stored usernames and passwords, and 2) something called "SQL injection".
I'm not going to pretend I know my way around these two issues. But Tom Scott, a regular contributor to the Computerphile YouTube channel, does.
The man's a genius at explaining these vulnerabilities in language that even people like me can understand.
See if your jaw doesn't drop as you start to understand how scarily easy these thefts are to engineer if you're bent on malice and know what you're doing.
Tom Scott on the right and wrong ways to store usernames and passwords.
Tom Scott on SQL injection.