Hackers leak nearly 10 billion credentials in largest leak in history

The largest collection of stolen passwords ever has been leaked to a notorious criminal marketplace, according to cybersecurity researchers from Cyber ​​news.

The leak, dubbed RockYou2024 by its original author “ObamaCare,” contains a file containing nearly 10 billion unique passwords in plain text.

Allegedly collected from a series of data breaches and hacks spanning several years, the passwords were published on July 4 and hailed as the largest collection of stolen and leaked credentials ever seen on the forum.

“In essence, the RockYou2024 leak is a compilation of real passwords used by individuals around the world,” the researchers told Cybernews. “Revealing that many passwords are used by malicious actors significantly increases the risk of credential stuffing attacks.”

Credential theft attacks are among the most common methods used by criminals, ransomware affiliates, and state-sponsored hackers to gain access to services and systems.

Computer code and Israeli flag (credit: JPOST STAFF)

Threat actors could exploit the RockYou2024 password collection to conduct brute-force attacks against any unprotected system and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the research team said.

This could affect online services, cameras and hardware

This could affect a variety of targets, from online services to internet-connected cameras and industrial equipment.

“Furthermore, combined with other databases leaked on hacker forums and marketplaces, which contain, for example, user email addresses and other identifying information, RockYou2024 may contribute to a cascade of data breaches, financial fraud, and identity theft,” the team concluded.

However, despite the severity of the data breach, it is important to note that RockYou2024 is primarily a compilation of previous password leaks, estimated to contain entries from a total of 4,000 massive databases of stolen credentials, spanning at least two decades.


This new file notably includes an old credential database known as RockYou2021, which contained 8.4 billion passwords. RockYou2024 added approximately 1.5 billion passwords to the collection, spanning the period 2021-2024, which, while a huge number, is only a fraction of the 9,948,575,739 passwords reported in the leak.

So, users who have changed their passwords since 2021 may not need to panic about a possible breach of their information.

That being said, Cybernews’ research team stressed the importance of maintaining data security. In response to the leak, they recommend immediately changing passwords for all accounts associated with the leaked credentials, ensuring that each password is strong and unique and is not reused across different platforms.

Additionally, they advised enabling multi-factor authentication (MFA), which requires an additional form of verification beyond the password, whenever possible to strengthen cybersecurity.

Finally, technology users should use password management software, which generates and securely stores complex passwords, mitigating the risk of password reuse across multiple accounts.

News Source :
Gn tech

Back to top button