This is likely the biggest password leak ever: nearly 10 billion credentials exposed

bnew

Veteran
Joined
Nov 1, 2015
Messages
55,654
Reputation
8,224
Daps
157,144

This is likely the biggest password leak ever: nearly 10 billion credentials exposed​

The 'RockYou2024' leak could give hackers a huge upper hand.

By Matt Binder on July 5, 2024

Share on Facebook Share on Twitter Share on Flipboard

Login screen

Hackers now have a record-breaking database of nearly 10 billion leaked passwords at their disposal. Credit: Jens Büttner/picture alliance via Getty Images



Cybersecurity researchers are calling it the largest password compilation leak of all time.

On July 4, a newly registered user on a popular hacking forum posted a file containing nearly 10 billion compromised passwords in plaintext. The post was first noticed by researchers at Cybernews.

"Xmas came early this year," user "ObamaCare" wrote on the forum. "I present to you a new rockyou2024 password list with over 9.9 billion passwords!"

RockYou2024 leaked password compilation

This gigantic list of leaked passwords known as RockYou2024 provides hackers with an important tool that can be utilized in a brute force attack.

A brute force attack is a popular hacking method where the attacker guesses a user's password by trial-and-error. Hackers commonly use automated scripts when carrying out a brute force attack, which enables them to try out a slew of passwords within a short period of time. With a leaked password database this big, hackers have a nearly unlimited pool of passwords to try out.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world," writes Cybernews' researchers. "Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks."

As Cybernews researchers point out, this list may very well be the largest password leak ever, beating the previous record holder known as RockYou2021, which had around 8.4 billion passwords.

In fact, the hacker forum user "ObamaCare" claims they used that older list and updated it with newer password leak data from over the past three years. As a result, 1.5 billion more passwords have been added to the previous compilation to create RockYou2024.

"I updated rockyou21 with collected new data from recent leaked databases in various forums over this and last years," wrote the hacker forum user while adding that they also included recent compromised passwords that they recently obtained themself.

The RockYou2024 leaked password list is new, so at the time of this writing, it's unclear if any private data has been compromised as a direct result of this compilation.

Anyone signed up to any service online should assume that a password that they use is on this list. Cybersecurity researchers recommend that users update their passwords and enable multi-factor authentication wherever possible.
 

Geek Nasty

Brain Knowledgeably Whizzy
Supporter
Joined
Jan 30, 2015
Messages
30,199
Reputation
4,451
Daps
114,026
Reppin
South Kakalaka
Only way to fix this is to start fining the shyt out of companies who expose credentials. Only thing they'll listen to is money.

Its been 30 years now and the internet is still running on wide open protocols that force unsophisticated home users to be security experts
 

Liu Kang

KING KILLAYAN MBRRRAPPÉ
Supporter
Joined
May 3, 2012
Messages
13,664
Reputation
5,468
Daps
29,694
Do brute force still work in this day and age ?
 

Rice N Beans

Junior Hayley Stan
Supporter
Joined
May 5, 2012
Messages
10,770
Reputation
1,447
Daps
22,344
Reppin
Chicago, IL
Do brute force still work in this day and age ?

Depends on the security of the challenge. Many online places will secure once in time and never again because it is cheap to do so.

Unless the first underpaid guy set saner limits, most will use defaults or carry over the test setup. :snoop:
 
Top