Hackers leak 10 billion passwords on a website
Hackers have dumped some 10 billion passwords on a site, and experts estimate that the exposure would be the largest leak on the site named RockYou2024.
According to a report by USA Today quoting Cybernews, the 10 billion passwords included in a file uploaded by a user named ObamaCare comprise old and new ones.
Cybernews said its team “cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews’ Leaked Password Checker, which revealed that these passwords came from a mix of old and new data breaches.”
The passwords on the document have likely been collected from more than 4,000 databases over the last 20 years.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” Cybernews said.
Credential stuffing is when hackers take information, such as passwords, from one data leak and attempt to log onto other websites, which can be very damaging to businesses and consumers, Cybernews said.
The recent wave of hacks targeting several sites including Ticketmaster were the result of credential stuffing attacks, said Cybernews.
Three years ago, a leak of 8.4 billion passwords called RockYou2021 was posted on a hacker site. At the time it was the largest password leak.
Cybernews said its analysis determined that the 10 billion leaked passwords in the RockYou2024 document included 1.5 billion new passwords leaked from 2021 through 2024.
Leak is the latest to share information already available
The 10 billion passwords leaked are a series of data dumps from previous hacks and are not new, but it is still a big deal to have that many passwords in one document posted on the Internet, Scott Augenbaum, a retired FBI agent, cybercrime prevention trainer and author of The Secret to Cybersecurity.
“The big moral of the story is this needs to be a wake up call that no matter what a great job you do keeping yourself safe, someone’s going to lose your user name and password,” Augenbaum said, referring to companies whose sites are hacked.
The danger is that many people use very common passwords or if they’re using a more difficult password or passphrase, they use the same one for multiple accounts, said Augenbaum. When those passwords are compromised, hackers can get into multiple accounts, he said.
“The passwords are out there,” he said. “That means the cybercriminals right now are banking on the fact that they’re going to capture one of your passwords. Are you using that same password for multiple platforms?”
It’s important to have a different password for each account, said Augenbaum.
“This has an impact because just think about how many of our parents have the same password for multiple platforms or even our kids,” he said. “This will have a greater ripple effect across consumers than anyone could imagine.”
Augenbaum is particularly worried about the senior population, which is more likely to use the same password and could be vulnerable to scammers.
