10 Billion Passwords Got Breached in Seconds Through RockYou2024: Know, How?
On a well-known hacking forum, the largest password compilation—which contained close to ten billion unique passwords—was exposed. According to a known news forum research team, users who frequently reuse passwords could be seriously endangered by this leak.
The king is dead. Long live the king. Researchers from a well-known news forum found what seems to be the biggest collection of passwords: 9,948,575,739 distinct plaintext passwords. The data file, rockyou2024.txt, was uploaded on July 4th by ObamaCare, a forum user.
The user shared a database of employees from Simmons & Simmons, a lead from AskGamblers, an online casino, and student applications for Rowan College at Burlington County prior to registering in late May 2024.
By cross-referencing the passwords from the RockYou2024 leak with data from a well-known news forum's Leaked Password Checker, the team determined that the passwords originated from a combination of recent and historical data breaches.
Researchers
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.”
Credential-stuffing attacks can seriously harm both users and companies. For instance, credential-stuffing attacks against the victims’ cloud service provider, Snowflake, were the direct cause of a recent wave of attacks that targeted Santander, Ticketmaster, Advance Auto Parts, QuoteWizard, and other companies.
Cybernews, Team
“Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.”
Not the First Rodeo
The compilation RockYou2024 did not appear out of thin air. With 8.4 billion plain text passwords, the RockYou2021 password compilation was the largest at the time and was featured in a story published by a known news forum three years ago.
RockYou2024, Team’s Analysis
Attackers developed the dataset by scouring the internet for data leaks, adding another 1.5 billion passwords from 2021 through to 2024 and increasing the dataset by 15 percent.
Tens of millions of user passwords for social media accounts were included in the RockYou2021 compilation, which was an extension of a 2009 data breach. But ever since, the compilation has grown astronomically.
Most likely, data gathered from more than 4,000 databases over more than 20 years is included in the most recent version of RockYou. The news forum team thinks that any system that isn’t shielded from brute-force attacks can be targeted by attackers using the ten billion-strong RockYou2024 compilation.
This covers everything, from internet-facing cameras and industrial hardware to both online and offline services.
Team
“Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts.”
How to Protect Against RockYou2024?
Although there isn’t a foolproof solution to safeguard users whose passwords were compromised, affected parties and institutions ought to implement mitigation techniques. The research team at Cybernews suggests:
- All accounts linked to the password leaks should have their passwords changed right away. It is highly advised to choose secure, one-of-a-kind passwords that are not used on multiple platforms.
- Whenever feasible, turn on multi-factor authentication (MFA). By requiring additional verification in addition to a password, this improves security.
- To safely create and store complex passwords, use password manager software. The risk of using the same password for multiple accounts is reduced by password managers.
The Leaked Password Checker on a well-known news forum will incorporate information from RockYou2024, enabling users to determine whether their login credentials were compromised by the most recent record-holding password compilation.
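A service can run the same kind of check itself when a user sets a password. The sketch below is an added example, not the code behind the Leaked Password Checker mentioned above: it assumes a k-anonymity design in which the checker only ever receives the first five hex characters of the password's SHA-1 digest, and the wordlist is a constructed sample standing in for a leaked compilation.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters of the digest that leave the client
HEX = set("0123456789ABCDEF")

def sha1_hex(password: bytes) -> str:
    # SHA-1 is only a lookup key here, never a way to store passwords.
    return hashlib.sha1(password).hexdigest().upper()

def build_index(wordlist_lines):
    """Checker side: bucket leaked-password digests by prefix, keep suffixes only."""
    index = defaultdict(set)
    for line in wordlist_lines:          # bytes, so undecodable lines cannot abort the load
        pw = line.rstrip(b"\r\n")
        if pw:                           # skip blank lines
            digest = sha1_hex(pw)
            index[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])
    return index

def range_query(index, prefix: str):
    """Checker side: sees the prefix only and returns every suffix in that bucket."""
    if len(prefix) != PREFIX_LEN or not set(prefix) <= HEX:
        raise ValueError("prefix must be 5 uppercase hex characters")
    return sorted(index.get(prefix, ()))

def is_leaked(password: str, query) -> bool:
    """Client side: hash locally, send the prefix, compare the suffix locally."""
    digest = sha1_hex(password.encode("utf-8"))
    return digest[PREFIX_LEN:] in query(digest[:PREFIX_LEN])

# Constructed sample lines (mixed line endings and a blank line on purpose).
SAMPLE_WORDLIST = [b"123456\n", b"password\n", b"iloveyou\r\n", b"\n", b"qwerty\n"]
INDEX = build_index(SAMPLE_WORDLIST)

def check(password: str) -> bool:
    return is_leaked(password, lambda prefix: range_query(INDEX, prefix))

if __name__ == "__main__":
    for candidate in ("password", "iloveyou", "correct horse battery staple"):
        print(candidate, "->", "reject (leaked)" if check(candidate) else "not in list")
```

Rejecting a password that appears in the list at registration or password-change time keeps values from the compilation out of the account database in the first place.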
RockYou2024 is the second record-breaking compilation to leak online in 2024. A well-known news forum uncovered the Mother of All Breaches (MOAB) earlier this year. It contained a staggering 12 terabytes of data, covering an astounding 26 billion records.
About The Author
Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts with the latest trends in cyberawareness and ethical hacking.