Skip to content

Almost 10 billion stolen passwords uploaded to cybercrime forum

  • by
  • 2 min read

Security researchers have discovered what appears to be the “largest password compilation ever” on a cybercrime forum. The passwords are listed in a file named “RockYou2024.txt”, posted on July 4 by an ObamaCare user. It contains 9,948,575,739 unique plaintext passwords.

The file was discovered by researchers from Cybernews, who cross-referenced the passwords included in the text file with their Leaked Password Checker, discovering that the passwords come from a mix of old and new data breaches. With the sheer number of passwords included in the list, it’s damn near impossible to track down which data breaches were compiled to create the file. The file Most likely contains leaked data collected from over 4,000 databases over two decades.

This is an image of rockyou 2024 screenshot
A screenshot of the post announcing the password list is attached. | Source: Cybernews

Researchers report that RockYou2024 expands an older password list file uploaded by the same user dubbed RockYou2021. This file contained nearly 8.4 billion passwords, the largest at the time. It was an expansion of a data breach from 2009, which included tens of millions of user passwords for different social media accounts. Since then, the attackers have significantly increased their data set, adding 1.5 billion passwords between 2021 and 2024, increasing the dataset by about 15 per cent.

Regardless, the file’s presence is a problem for everyone who uses the internet. This compilation significantly increases the risk of credential stuffing and brute force attacks for internet users worldwide. Additionally, combined with other data breaches commonly found on hacker forums, which often include email addresses, usernames, or other login credentials, the password file can become an essential tool for data breaches, financial fraud, identity theft, and almost every other type of internet attack.

Regarding protection measures, there’s not much that can be done for the users who have already been exposed. However, it’s recommended that you change your passwords on all sensitive accounts and enable multi-factor authentication to add a layer of protection. Using password managers to generate random, stronger passwords can also be helpful.

In the News: Airtel refutes alleged data breach impacting 375 million users

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of spyware malware cybersecurity privacy featured 31

Threat actors deploy FrigidStealer on Macs via web inject attacks

This is an image of crypto farm

XMRig cryptominer distributed via trojanised game torrents

Photo: sundry photography / shutterstock. Com

Over 100 AWS keys found on public GitHub repositories

This is an image of scam call featured 1

Noida-based call center operation dupes victims of $1.4 million

This is an image of nvidia gpu compared 100

Concerns mount over outdated Nvidia A100 GPUs in India’s AI Mission

  • by
  • In News, AI
Illustration: cinemato

Two Estonians found guilty of $577 million crypto ponzi scheme

>