World's Largest Stolen Password Database Discovered on Criminal Forum

Security researchers have uncovered what appears to be the largest password leak ever, containing around 10 billion unique, plain-text passwords.

The file, titled "rockyou2024.txt," was posted on a leading hacking forum by a user going by the name "ObamaCare."

The passwords come from a compilation of both old and new data breaches, making this an extremely dangerous discovery. Hackers can now use these passwords to gain unauthorized access to people's personal and financial accounts, especially if they reuse the same passwords across multiple services.

The massive trove of passwords was found by researchers at Cybernews, who believe this leak poses severe risks to users prone to password reuse. The report revealed that the password file, posted on the BreachForums criminal underground forum, contained an astonishing 9,948,575,739 unique passwords in plain text.

The RockYou2024 leak is an expansion of an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. Hackers have scoured the internet for additional data leaks, adding another 1.5 billion passwords from 2021 through 2024, increasing the dataset by 15%.

"In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks," the researchers warned.

The user "ObamaCare," who posted the password file, has a history of leaking other databases, including an employee database from a law firm and student applications from a college.

This password leak puts users at serious risk of credential stuffing attacks, where hackers try to use stolen passwords to gain access to other online accounts. To protect themselves, users should:

  1. Change passwords and use a password manager
  2. Enable two-factor authentication
  3. Remove personal information from the internet
  4. Use a VPN to browse privately
  5. Monitor financial accounts for any unauthorized activity

This massive data breach is a wake-up call for both users and the companies that hold our sensitive information. Stronger security measures are needed to prevent such large-scale password leaks from happening in the future.