
This is probably the biggest password leak of all time: almost 10 billion login details exposed

Cybersecurity researchers are calling it the largest password compilation leak of all time.

On July 4, a newly registered user of a popular hacker forum posted a file containing nearly 10 billion compromised passwords in plain text. The post was first discovered by researchers at Cybernews.

“Christmas came early this year,” wrote user “ObamaCare” on the forum. “I present to you a new rockyou2024 password list with over 9.9 billion passwords!”

Leaked password compilation by RockYou2024

This huge list of leaked passwords, known as RockYou2024, provides hackers with an important tool that can be used in a brute force attack.

A brute force attack is a popular hacking method in which the attacker guesses a user's password through trial and error. Hackers often use automated scripts in brute force attacks that allow them to try a whole series of passwords in a short period of time. With such a large leaked password database, hackers have a nearly unlimited pool of passwords to try.

“Essentially, the RockYou2024 leak is a compilation of real-world passwords used by individuals around the world,” Cybernews researchers write. “Revealing that many passwords for threat actors significantly increases the risk of credential stuffing attacks.”

As researchers at Cybernews note, this list may be the largest password leak of all time, surpassing the previous record holder, RockYou2021, which contained around 8.4 billion passwords.

In fact, hacker forum user “ObamaCare” claims they used this older list and updated it with newer password leak data from the past three years. As a result, 1.5 billion more passwords were added to the previous compilation to create RockYou2024.

“I updated rockyou21 with new data I collected this year and last year from recently leaked databases on various forums,” the hacker forum user wrote, adding that they also included recently compromised passwords that they had obtained themselves.

The leaked RockYou2024 password list is new, so at the time of writing, it is unclear whether any private data was compromised as a direct result of this compilation.

Anyone who logs into an online service should assume that the password they use is on this list. Cybersecurity researchers recommend that users update their passwords and enable multi-factor authentication wherever possible.