Months after the so-called “mother of all breaches” was discovered in January, another record-breaking leak has been posted online. According to the Cybernews research team, a password compilation containing nearly 10 billion unique plaintext passwords (9,948,575,739 to be exact) was posted on a hacker forum on July 4.
User ObamaCare’s password compilation file is titled rockyou2024.txt — a reference to RockYou2021, previously claimed to be the largest password compilation ever. RockYou2021 was a 100GB text file containing 8.4 billion plaintext passwords.
Cybernews claims that RockYou2024 combines the previous leak with a collection of over 1.5 billion new passwords collected between 2021 and 2024.
The Cybernews research team warns that threat actors will use any leaked passwords for credential stuffing, a cyberattack that uses stolen account information to gain access to user accounts. Combined with older leaked databases, researchers believe that “RockYou2024 could contribute to a cascade of data breaches, financial fraud, and identity theft.”
Of course, there’s nothing you can do to undo this leak, but Cybernews has shared some steps you can take to ensure your accounts are safe from malicious actors:
- Immediately reset the passwords for all accounts associated with the leaked passwords. It is strongly recommended to select strong, unique passwords that are not reused across multiple platforms.
- Enable multi-factor authentication (MFA) where possible. This improves security by requiring additional verification beyond a password.
- Use password management software to securely generate and store complex passwords. Password managers reduce the risk of password reuse across accounts.
It’s worth checking HaveIBeenPwned.com about once a month to see whether your online accounts have been compromised and your passwords need to be updated.