Cyber experts have urgently warned people to update their passwords after a hacker uploaded billions of login details.
The leak, called RockYou2024, was posted on July 4th and contains a staggering 10 billion passwords from a compilation of old and new data breaches.
Researchers who revealed the leak said the information could allow hackers to target any system that isn’t protected by strict security software, including online and offline services, online cameras and industrial hardware.
This could prompt a wave of data breaches, financial fraud and identity theft using the passwords, which were collected from more than 4,000 databases over the last two decades.
Cybernews researchers revealed that a hacker released a staggering 10 billion passwords collected from 4,000 databases.
The user, who goes by ObamaCare, used 8.4 billion passwords from an earlier crime forum released in 2021 and cracked 1.5 billion new passwords.
Researchers at Cybernews who investigated the hack said the perpetrator goes by the name ObamaCare.
The person appeared to use 8.4 billion passwords from an earlier crime forum released in 2021.
However, an additional 1.5 billion new passwords were obtained from records from 2021 to 2024.
‘Xmas came early this year,’ ObamaCare wrote on the forum.
‘I present to you a new rockyou2024 password list with over 9.9 billion passwords.’
The hacker added that they ‘also cracked some old ones with [their] new 4090’ – a high-end Nvidia graphics card – and that the list contains ‘actual new real passwords from users.’
The file was released in a 45.6-gigabyte zip archive using leaked records from sites like X (formerly Twitter), AdultFriendFinder, MyFitnessPal, LinkedIn and Adobe.
The two most affected brands are China-based companies, which far surpass other online companies.
They include 1.5 billion from Tencent – a tech company that provides internet services – and 504 million from social media platform Weibo.
‘In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,’ the researchers said, adding ‘revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.’
Credential stuffing occurs when hackers use a password from one data breach to log in to an unrelated service, for example using a password obtained from the AT&T leak to see if the person uses the same password for their bank account.
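What credential stuffing looks like from the side of the service being logged in to, as an added example that is not part of the original article: one source trying many different accounts, with most attempts failing. The log format, addresses, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-07-05T10:00:01 203.0.113.7 alice FAIL
2024-07-05T10:00:02 198.51.100.20 alice FAIL
2024-07-05T10:00:03 203.0.113.7 bob FAIL
2024-07-05T10:00:04 198.51.100.20 alice FAIL
2024-07-05T10:00:05 203.0.113.7 carol FAIL
2024-07-05T10:00:06 192.0.2.55 gina FAIL
2024-07-05T10:00:07 203.0.113.7 dave FAIL
2024-07-05T10:00:08 198.51.100.20 alice FAIL
2024-07-05T10:00:09 203.0.113.7 erin OK
2024-07-05T10:00:10 192.0.2.55 gina OK
2024-07-05T10:00:11 203.0.113.7 frank FAIL
"""

WINDOW = timedelta(minutes=5)
MIN_ACCOUNTS = 5       # distinct usernames tried by one source inside the window
MIN_FAIL_RATIO = 0.8   # reused leaked passwords mostly do not match, so most attempts fail

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(lines):
    """Return {source_ip: sorted usernames tried} for sources matching the pattern."""
    recent = defaultdict(deque)    # ip -> events still inside the window
    flagged = defaultdict(set)
    for event in sorted(parse(l) for l in lines if l.strip()):
        ts, ip = event[0], event[1]
        q = recent[ip]
        q.append(event)
        while ts - q[0][0] > WINDOW:          # drop events older than the window
            q.popleft()
        users = {e[2] for e in q}
        fails = sum(1 for e in q if not e[3])
        # Many accounts + mostly failures = stuffing; one account hammered = brute force
        if len(users) >= MIN_ACCOUNTS and fails / len(q) >= MIN_FAIL_RATIO:
            flagged[ip] |= users
    return {ip: sorted(users) for ip, users in flagged.items()}

def accounts_to_reset(lines, flagged):
    """Accounts a flagged source logged in to successfully: the password is known."""
    events = (parse(l) for l in lines if l.strip())
    return sorted({user for _, ip, user, ok in events if ok and ip in flagged})

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    hits = detect_stuffing(log)
    print(hits, accounts_to_reset(log, hits))
```

In the constructed log, the source that repeatedly fails against a single account and the user who mistypes once before logging in are both left unflagged; only the source cycling through many accounts is reported, and the one account it got into is listed for a forced reset.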
Cybernews told Forbes that its researchers have been in contact with the hacker and are working to investigate the datasets and the roughly ‘30 gigabytes of combo lists from which data was extracted.’
Users can check if their password was leaked by visiting the Cybernews site and entering their password.
As a preventive measure, users should immediately reset their leaked passwords on all accounts and select strong, unique combinations that aren’t used on multiple platforms.
They should also enable multi-factor authentication, which provides a second level of security by requiring verification like facial recognition or a PIN in addition to the password.
‘There really is no excuse not to use unique passwords for every single account as data breaches unfortunately continue to occur and grow,’ Jake Moore, the global cybersecurity advisor for security vendor ESET, told Forbes.
‘Luckily, password managers are easier than ever to use and implement into daily life. Plus they offer the hard part of password generation and the secure storing of these complex codes.’