Record-Breaking Leak Exposes 10 Billion Stolen Passwords
Months after the massive “mother of all breaches” was revealed in January, another significant leak has surfaced. On July 4th, a compilation of nearly 10 billion unique plaintext passwords (9,948,575,739 to be exact) was posted on a hacker forum, according to the Cybernews research team.
RockYou2024: A New Mega Breach
The file, uploaded by a user named ObamaCare and titled rockyou2024.txt, references the previous largest password compilation, RockYou2021. The RockYou2021 file was a 100 GB text file containing 8.4 billion plaintext passwords.
Cybernews reports that RockYou2024 is a combination of the earlier leak and over 1.5 billion new passwords collected between 2021 and 2024.
Implications and Threats
The Cybernews team warns that the leaked passwords will likely be used for credential stuffing attacks. This type of cyberattack involves using stolen account credentials to gain unauthorized access to user accounts. Researchers believe that RockYou2024 could lead to a wave of data breaches, financial frauds, and identity thefts when combined with older leaked databases.
Protecting Your Accounts
While you can’t undo the leak, Cybernews offers several steps to secure your accounts:
- Reset Your Passwords: Immediately change passwords for all accounts associated with the leaked data. Choose strong, unique passwords that aren’t reused across multiple platforms.
- Enable Multi-Factor Authentication (MFA): Wherever possible, activate MFA. This adds an extra layer of security by requiring additional verification beyond just a password.
- Use a Password Manager: Password managers can securely generate and store complex passwords, reducing the risk of password reuse across different accounts.
- Check HaveIBeenPwned.com: Regularly check this site to see if your passwords have been compromised and need updating.
By taking these precautions, you can enhance the security of your online accounts and minimize the risks posed by such extensive data leaks.