A file containing nearly 10 billion stolen passwords is for sale on the Dark Web. It is a compilation of data stolen over the last 20 years, and it could lead to a multitude of attacks with unprecedented damage.
Cyberattacks keep following one another at the moment, whatever the country! Researchers at Cybernews have discovered what they call the largest compilation of stolen passwords ever. A file called “rockyou2024.txt” containing 9,948,575,739 unique passwords has been put up for sale on a popular hacker forum. This incredible number represents a compilation of data collected in multiple leaks over the past twenty years, from no fewer than 4,000 different databases. This is particularly worrying news, as these passwords could be used to crack online accounts using brute force.
Password Hacking: The Huge RockYou2024 Database
The user who shared this file, nicknamed ObamaCare, is not new to this. He has already shared several stolen databases, including that of the online casino AskGamblers and the law firm Simmons & Simmons. But this compilation is simply the largest in history.
“The RockYou2024 leak is a compilation of real passwords used by individuals around the world. Revealing this many passwords to malicious actors significantly increases the risk of brute force attacks,” warn the researchers. In 2021, a previous compilation contained 8.4 billion stolen passwords. The database has therefore grown by 1.5 billion more identifiers between 2021 and 2024, which is enormous.
Password Hacking: High Risk of Brute Force Attacks
In practical terms, this means that hackers in possession of the file could try a multitude of passwords to unlock an account. Of course, they would not perform such a task manually, but would automate the process in order to test millions of passwords in an instant. Worse still, “Combined with other databases leaked on hacker forums and marketplaces, which contain, for example, user email addresses and other identifying information, RockYou2024 may contribute to a cascade of data breaches, financial fraud and identity theft,” warn the researchers.
To find out if your passwords and other personal data have been leaked online, we recommend using the site Have I Been Pwned. Cybernews also offers its own checking tool. Either one will allow you to take appropriate security measures. If your information appears in the database, immediately change your password, as well as that of any other account using the same password. Remember, you absolutely must have a strong and unique password for each of your accounts! If this is not already the case, activate two-factor authentication. Remember to end existing sessions properly in order to exclude any unauthorized users. And, as usual, stay vigilant against possible phishing attempts!
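The breach check recommended above can be run without disclosing the password: Have I Been Pwned's Pwned Passwords range lookup takes only the first five hex characters of the password's SHA-1 and returns candidate `SUFFIX:COUNT` rows that are compared locally. This is an added example, not code from the article or from Cybernews; the leaked list, its counts, the tested passwords and the offline `fetch_range` stand-in for the HTTP request are constructed.

```python
import hashlib

# Constructed sample of leaked passwords standing in for the remote corpus.
CONSTRUCTED_LEAK = {"123456": 5000, "password": 3000, "qwerty": 1200}

def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1, the form used by the range format."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = sha1_upper(password)
    return digest[:5], digest[5:]

def parse_range_body(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines, skipping blank or malformed ones."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in the corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)

def make_offline_fetch(leak: dict[str, int], seen: list[str]):
    """Hypothetical stand-in for the HTTP GET; records what was sent."""
    def fetch_range(prefix: str) -> str:
        seen.append(prefix)
        rows = [f"{s}:{n}" for p, n in leak.items()
                for h, s in [split_hash(p)] if h == prefix]
        rows.append("not-a-valid-row")  # malformed line the parser must skip
        return "\r\n".join(rows)
    return fetch_range

def check_all(passwords: list[str]) -> tuple[dict[str, int], list[str]]:
    """Check each password; also return every value that left the machine."""
    seen: list[str] = []
    fetch = make_offline_fetch(CONSTRUCTED_LEAK, seen)
    return {p: breach_count(p, fetch) for p in passwords}, seen

if __name__ == "__main__":
    results, sent = check_all(["password", "Tr4il-mix&Lanterns-92"])
    print(results, sent)
```

A non-zero count means the password is already in attackers' wordlists and should be replaced everywhere it is used; only the five-character prefixes in `sent` are ever transmitted.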