The Biggest Password Leak Yet


Hey everyone, big news in the cybersecurity world. Nearly 10 billion passwords have been leaked on a popular hacking forum, as reported by Cybernews. This staggering collection, named “rockyou2024.txt,” contains 9,948,575,739 unique plaintext entries, making it the largest compilation of leaked passwords ever.


What Happened?

On July 4, 2024, Cybernews researchers discovered this massive file on a hacking forum. Many of the passwords in “RockYou2024” have appeared in previous breaches. The user behind this leak, known as “ObamaCare,” has been active since May 2024, posting multiple data dumps including employee databases, online casino leads, and student applications.


The History of RockYou

The RockYou name traces back to 2009, when 32 million user accounts from the now-defunct social app RockYou were exposed. In 2021, “rockyou2021.txt” surfaced, containing 8.4 billion passwords. Now, “RockYou2024” builds on this with an additional 1.5 billion passwords, sourced from over 4,000 databases.


The Risk of Credential Stuffing

This enormous leak significantly raises the risk of credential stuffing attacks, where attackers use automated tools to test stolen username-password pairs across multiple sites. These attacks can lead to unauthorized access to various accounts, from personal services to IoT devices.
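
As an added example (not part of the original post), here is one way a defender could spot the pattern described above in login logs: one source trying many different accounts in a short window, with mostly failed logins. The log format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: ISO timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-07-05T10:00:01 203.0.113.7 alice FAIL
2024-07-05T10:00:02 203.0.113.7 bob FAIL
2024-07-05T10:00:03 203.0.113.7 carol FAIL
2024-07-05T10:00:04 203.0.113.7 dave OK
2024-07-05T10:00:05 203.0.113.7 erin FAIL
2024-07-05T10:00:06 203.0.113.7 frank FAIL
2024-07-05T10:01:00 198.51.100.20 bob FAIL
2024-07-05T10:01:30 198.51.100.20 bob OK
2024-07-05T09:00:00 192.0.2.50 gina OK
2024-07-05T09:01:00 192.0.2.50 hal OK
2024-07-05T09:02:00 192.0.2.50 ivy OK
2024-07-05T09:03:00 192.0.2.50 jo OK
2024-07-05T09:04:00 192.0.2.50 kim OK
"""

def parse_events(text):
    """Yield (timestamp, ip, user, succeeded) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user.lower(), result == "OK"

def stuffing_sources(events, window=timedelta(minutes=5), min_users=5, max_ok_ratio=0.2):
    """Return {ip: usernames that logged in OK} for IPs that try many
    distinct accounts inside one window with mostly failed logins."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e[0])
        for i, first in enumerate(evs):
            batch = [e for e in evs[i:] if e[0] - first[0] <= window]
            users = {e[2] for e in batch}
            ok = [e for e in batch if e[3]]
            if len(users) >= min_users and len(ok) / len(batch) <= max_ok_ratio:
                flagged[ip] = sorted({e[2] for e in ok})  # accounts to reset
                break
    return flagged

if __name__ == "__main__":
    print(stuffing_sources(parse_events(SAMPLE_LOG)))
```

The single user who mistypes a password and the shared office address with five successful logins are not flagged; the accounts listed for a flagged source are the ones whose reused password worked and should be reset first.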


Recent Credential Stuffing Incidents

  • Snowflake Data Breach (June 2024): Attackers accessed data from 165 clients using stolen credentials.
  • 23andMe Hack (November 2023): Personal and genetic info of 6.9 million people was stolen due to reused login details.


Mitigating the Risk

  • Use Unique Passwords: Never reuse passwords across different sites.
  • Use Passphrases and Password Managers: These tools generate and store complex, unique passwords for you.
  • Enable Multi-Factor Authentication: Adds an extra layer of security to your accounts.

Tips for Those Affected by RockYou2024

Plex IT recommends the following steps:

  1. Reset Passwords: Change any passwords that might have been compromised, making sure they are strong and unique.
  2. Enable Multi-Factor Authentication: Adds a vital security layer.
  3. Use a Password Manager: Generate and store complex passwords for each account securely.
  4. Check Your Account: Visit Have I Been Pwned to see if your account has been compromised.

Stay safe online and make sure to update your security practices to protect against these increasingly sophisticated threats.