Almost 10 billion passwords leaked on hacker forum

Research group Cybernews reports an unprecedented password leak and warns users of serious danger. 10 billion passwords have been exposed. This is the largest leak of personal and corporate data worldwide in history.

This is especially true for those who like to reuse the same passwords. Cybernews researchers discoveredapparently the largest collection: 9,948,575,739 unique text passwords. On the Fourth of July, a data file called rockyou2024.txt was posted by a user on the ObamaCare forum. Although he registered in late May 2024, he had previously shared a database of employees at the law firm Simmons & Simmons, a contact from the online casino AskGamblers, and student applications to Rowan College in Burlington County.

The team compared the passwords included in the RockYou2024 leak with data from Cybernews' Leaked Password Checker, which showed that the passwords were from both old and new data breaches. The researchers said:

“The RockYou2024 leak is essentially a collection of real passwords used by people around the world. Revealing a large number of passwords from attackers significantly increases the risk attacks with the substitution of credentials.”

Credential stuffing attacks can cause serious damage to users and companies. For example, the recent wave of attacks targeting Santander, Ticketmaster, Advance Auto Parts, QuoteWizard, and others was a direct result of credential stuffing attacks against the victims’ cloud provider, Snowflake. The researchers explain:

“Attackers could use the RockYou2024 password collection to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who use passwords included in the dataset.”

It is entirely possible to reduce the risk of possible attacks. To do this, users need to: