10 billion passwords leaked online in what has been called the 'biggest password leak in history'



On July 4, 2024, a file containing approximately 10 billion passwords was posted on a hacking forum. Security news outlet Cybernews reported on the data leak as 'the largest password leak in history.'

RockYou2024: 10 billion passwords leaked in the largest compilation of all time | Cybernews
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/



This is likely the biggest password leak ever: nearly 10 billion credentials exposed | Mashable
https://mashable.com/article/rockyou2024-leaked-password-database

A text file named 'rockyou2024.txt' was posted on a hacking forum, and researchers at Cybernews who investigated the contents of the text file revealed that it contained 9,948,575,739 unique passwords. The person who posted 'rockyou2024.txt' was a user named 'ObamaCare' who registered an account in late May 2024.

In addition to passwords, the file 'rockyou2024.txt' included the employee database of the law firm Simmons & Simmons, data from the online casino AskGamblers, and student applications from Rowan University in Burlington County. Cybernews has named the leak 'RockYou2024' after the name of the text file.

Cybernews researchers cross-referenced the passwords in 'rockyou2024.txt' with data that can be used to check whether a credential has already been leaked in the past, to verify whether the file's contents had been made public in a previous data breach or had recently leaked from somewhere. They found that the file was a mixture of previously leaked data and newly leaked data.

'Essentially, RockYou2024 is a collection of real-world passwords used by individuals around the world. The large number of passwords held by threat actors exposed has significantly increased the risk of credential stuffing attacks,' Cybernews researchers wrote. 'Malicious actors could use the password information in RockYou2024 to perform brute force attacks that could allow them to gain unauthorized access to various online accounts used by individuals who use the passwords included in the dataset.'



In 2021, a text file containing 8.4 billion plaintext passwords was released on the Internet, an event known as 'RockYou2021' after the file name. According to researchers at Cybernews, the creators of RockYou2024 added 1.5 billion new passwords that were leaked on the Internet to the data of RockYou2021 and released it as RockYou2024.

Cybernews researchers recommend resetting passwords for all accounts that may have been leaked, not reusing passwords across multiple platforms, and setting strong, unique passwords. They also mention that it is important to enable multi-factor authentication whenever possible to prevent accounts from being accessed even if a password is leaked, and they recommend using password manager software to securely generate and manage multiple passwords.

in Security, Posted by logu_ii