Check Your Accounts: 10 Billion Passwords Exposed in Largest Leak Ever
The ‘RockYou2024’ database includes almost 10 billion passwords pulled from ‘a mix of old and new data breaches.’ Here’s how to check if yours are at risk.
Are you reusing your passwords across multiple sites? It’s time to reconsider.
Researchers at Cybernews have uncovered a massive trove of nearly 10 billion passwords on a popular hacking forum in what they’re calling “the largest password compilation” ever.
The file, titled rockyou2024.txt, was posted on July 4 by someone using the name ObamaCare and contains an astounding 9,948,575,739 unique plaintext passwords. The user only joined the forum in late May, but they’ve posted data from other breaches as well.
According to Cybernews, this RockYou2024 file is “a mix of old and new data breaches.” So, it’s not necessarily a new breach that compromised 10 billion passwords. However, compiling all these passwords into one massive, searchable database “substantially heightens the risk of credential stuffing attacks,” Cybernews explains.
Credential stuffing occurs when someone uses passwords obtained from one data breach to try to log into unrelated services. For example, a hacker might use a password obtained from the AT&T breach to see if you use the same password for your bank account.
This isn’t the first RockYou password drop, but it is the largest. In 2021, RockYou2021 included 8.4 billion plaintext passwords. Cybernews suspects the current version of the file is a compilation of passwords obtained over the past 20 years, including those original 8.4 billion, so there’s a good chance at least one of your passwords is included.
How to Protect Yourself
Check if any of your passwords are included via Cybernews’ Leaked Password Checker.
If you find any of your passwords in the database, change them immediately to strong, unique passwords. Then double-check your other accounts to ensure you’re not reusing passwords across services. Enable multi-factor authentication (MFA) wherever possible to add an extra layer of security. Using a password manager can also help you keep track of your credentials and generate strong passwords.
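An added example, not part of the original article: a local audit for the password reuse that makes credential stuffing work, run over a constructed password-manager export and a constructed leaked-password list. The names VAULT, LEAKED_LINES and audit are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: (service, username, password) rows such as a
# password-manager export would contain. None of these are real credentials.
VAULT = [
    ("bank.example", "alex", "Summer2019!"),
    ("mail.example", "alex@mail.example", "Summer2019!"),
    ("shop.example", "alex", "x7#Lq9vT2m$Rw4"),
    ("forum.example", "alex_k", "iloveyou"),
]

# Constructed stand-in for a leaked-password list, one password per line.
LEAKED_LINES = ["123456\n", "iloveyou\n", "Summer2019!\n", "qwerty\n"]


def _digest(password):
    # Compare digests so the report never has to hold or print a password.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(vault, leaked_lines):
    """Return (reused, leaked): groups of services sharing one password,
    and services whose password appears in the leaked list."""
    by_digest = defaultdict(list)
    for service, _user, password in vault:
        by_digest[_digest(password)].append(service)

    reused = sorted(sorted(s) for s in by_digest.values() if len(s) > 1)

    # Stream the list line by line: a multi-billion-line file does not fit in
    # memory, but the handful of vault digests does.
    leaked = set()
    for line in leaked_lines:
        hit = by_digest.get(_digest(line.rstrip("\r\n")))
        if hit:
            leaked.update(hit)
    return reused, sorted(leaked)


if __name__ == "__main__":
    reused, leaked = audit(VAULT, LEAKED_LINES)
    for group in reused:
        print("same password on:", ", ".join(group))
    for service in leaked:
        print("password found in leaked list:", service)
```

Every service in a reused group needs its own new password, because a leak at any one of them exposes the rest.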
Conclusion
The RockYou2024 data leak serves as a stark reminder of the importance of strong, unique passwords and proactive security measures. Regularly updating your passwords and utilizing tools like MFA and password managers can significantly reduce your risk of falling victim to credential stuffing and other cyberattacks.
By Andrej Kovacevic
Updated on 18th July 2024