Recently, a file with almost 10 billion hacked passwords was posted on a popular hacker forum. The Cybernews research team believes that the leak poses a serious danger to users who tend to reuse passwords.
On July 4, a data file named "rockyou2024.txt" containing 9,948,575,739 unique text passwords was published on a popular hacker forum. The file was published by a user under the name ObamaCare.
Although the user registered at the end of May 2024, he had previously shared a database of employees of the Simmons & Simmons law firm, potential customers of the AskGamblers online casino, and student applications for Rowan College in Burlington County.
The RockYou2024 collection did not appear by chance. Three years ago, Cybernews published an article about the RockYou2021 password collection, the largest at the time, with 8.4 billion plaintext passwords. According to the team's analysis of RockYou2024, attackers created the dataset by scouring the Internet for data breaches, adding another 1.5 billion passwords from 2021 to 2024 and increasing the dataset by 15%.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers said.
How to protect yourself from RockYou2024?
Дослідницька група Cybernews радить:
- Immediately reset passwords for all accounts associated with the password breach. It is highly recommended to choose strong, unique passwords that are not reused across multiple platforms;
- Enable multi-factor authentication (MFA) whenever possible. This increases security by requiring additional verification beyond the password;
- Use password manager software to securely create and store complex passwords. Password managers reduce the risk of reusing a password across multiple accounts.
This leak, known as RockYou2024, poses a serious threat to users who reuse passwords and can be used by attackers to conduct brute force attacks. Cybersecurity experts recommend updating passwords and enabling multi-factor authentication.