menu-control
The Jerusalem Post
Home Page
Business & Innovation
Banking & Finance
Tech & Start Ups
Energy & Infrastructure
Real Estate
Opinion
JP Must
Precious Metals
Israel Real Estate
Aliyah
Environment & Climate Change
Jerusalem Post Conferences
Premium
The Daily Edition
The Jerusalem Post Ivrit
The Jerusalem Report
Coronavirus
Opinion
Real Estate Listings
JPost Store
JPost Shopping
Woman Magazine
Cars Magazine
Banking & Finance
Categories
Breaking News
Israel News
Israel Politics
Israel Culture
Israel Sports
World News
Islamic Terrorism
Middle East
Iran News
Isis Threat
Arab-Israeli Conflict
Gaza News
US Politics
Diaspora
Antisemitism
Opinion
Podcast
Judaism
Torah Portion
Jewish Holidays
List of holidays
Kabbalah
Christian World
Health & Wellness
Sleep
Mind & Spirit
Nutrition
Coronavirus
Exercise
Pregnancy & Birth
Parenting
Supplements
Science
Law
Archaeology
OMG
Antisemitism
Food & Recipes
Jerusalem Post en Español
Sponsored Content
Promo Content
Advertise With Us
Terms of Use
Privacy Policy
Contact Us
Cancel Subscription
Customer Service
About Us
The Jerusalem Post: Business and Innovation
Jerusalem Post
Separator
Business & Innovation

The largest password leak in history exposes nearly 10 billion credentials

By RIKKI ZAGELBAUM  
Published: JULY 8, 2024 15:13
Updated: JULY 8, 2024 15:14
Illustrative image of a hacker. (photo credit: Wikimedia Commons)
Illustrative image of a hacker.
(photo credit: Wikimedia Commons)

In response to the leak, they recommend immediately changing the passwords for any accounts associated with the leaked credentials, ensuring each password is strong and unique and not reused.

The largest collection of stolen passwords ever has been leaked to a notorious crime marketplace, according to cybersecurity researchers at Cybernews

This leak, dubbed RockYou2024 by its original poster “ObamaCare,” holds a file containing nearly 10 billion unique plaintext passwords.

Allegedly gathered from a series of data breaches and hacks accumulated over several years, the passwords were posted on July 4th and hailed as the most extensive collection of stolen and leaked credentials ever seen on the forum. 

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” the researchers told Cybernews. “Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.”

Advertisement

Credential stuffing attacks are among the most common methods criminals, ransomware affiliates, and state-sponsored hackers use to access services and systems.

Computer code and an Israeli flag (credit: JPOST STAFF)
Computer code and an Israeli flag (credit: JPOST STAFF)

Threat actors could exploit the RockYou2024 password collection to conduct brute-force attacks against any unprotected system and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the research team said.

This could affect online services, cameras and hardware

This could affect various targets, from online services to internet-facing cameras and industrial hardware. 

“Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” the team concluded.

Stay updated with the latest news!

Subscribe to The Jerusalem Post Newsletter

Subscribe Now

However, despite the seriousness of the data leak, it is important to note that RockYou2024 is primarily a compilation of previous password leaks, estimated to contain entries from a total of 4,000 massive databases of stolen credentials, covering at least two decades.

This new file notably includes an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. RockYou2024 added approximately 1.5 billion passwords to the collection, spanning from 2021 through 2024, which, though a massive figure, is only a fraction of the reported 9,948,575,739 passwords in the leak.

Advertisement

Thus, users who have changed their passwords since 2021 may not have to panic about a potential breach of their information. 

That said, the research team at Cybernews stressed the importance of maintaining data security. In response to the leak, they recommend immediately changing the passwords for any accounts associated with the leaked credentials, ensuring each password is strong and unique and not reused across different platforms.

Additionally, they advised enabling multi-factor authentication (MFA), which requires an extra form of verification beyond the password, wherever possible, to strengthen cyber security.

Lastly, tech users should utilize password manager software, which securely generates and stores complex passwords, mitigating the risk of password reuse across multiple accounts.

Related Tags
technology
cybersecurity
hack
Software

×
Email:
×
Email: