The world’s biggest password leak reveals about 10 billion credentials.

Cybernews analysts say the largest stolen password collection ever was released to a prominent criminal marketplace. 

Known as RockYou2024 by its original poster “ObamaCare,” this leak contains approximately 10 billion unencrypted passwords.

The passwords, allegedly from years of data breaches and attacks, were released on July 4th and heralded as the forum’s largest collection of stolen and leaked credentials.

“In its core, the RockYou2024 leak is a collection of real-world passwords used by people worldwide,” experts told Cybernews. “Disclosing that many threat actor passwords greatly increases credential stuffing risk.”

Criminals, ransomware groups, and state-sponsored hackers often access services and systems using credential-stuffing assaults.

The RockYou2024 password collection might be used to brute-force assaults on unprotected systems and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the study team warned.

Online services, cameras, and hardware may suffer.

This might impact online services, internet-facing cameras, and industrial devices.

RockYou2024, along with other exposed datasets on hacker forums and markets that contain user email addresses and other credentials, might cause a cascade of data breaches, financial scams, and identity thefts, the researchers determined.

The data breach is alarming, but RockYou2024 is mostly a compilation of prior password thefts, estimated to comprise entries from 4,000 huge databases of stolen credentials spanning at least two decades.

This file contains 8.4 billion passwords from RockYou2021, an older credentials database. RockYou2024 added 1.5 billion passwords from 2021 to 2024, which is a tiny percentage of the leak’s 9,948,575,739 passwords.

Thus, individuals who changed their passwords in 2021 may not need to worry about a hack.

However, Cybernews researchers emphasized data security. They recommend updating the passwords for any accounts related to the disclosed information immediately, using strong, unique passwords that are not repeated across platforms.

When possible, they recommended multi-factor authentication (MFA), which needs a second verification step beyond the password, to boost cyber security.

Finally, computer users should use password manager software to securely establish and save complicated passwords to avoid account reuse.

Thank you for reading this post, don't forget to follow my whatsapp channel