'RockYou2024' Is When Hackers Uploaded 10 Billion Stolen Passwords To The Internet

04/07/2024

How many is many? How much is too much? When it comes to user data, hackers hunger for more.

The more the better, because data sells, and it is expensive. Data brokers want it, other hackers need it. User data is a commodity, and hacking user data has become a lucrative business.

And because the only thing that differentiates a legitimate user from a stranger is the user credential, which the former knows and the latter doesn't, data leaks are an inevitability of the digital age.

So here, behold, 'RockYou2024', the data leak that sees 10 billion internet users' passwords conveniently rounded up for the taking.

"The king is dead. Long live the king."

RockYou2024

According to a website post from the researchers at Cybernews, the "largest password compilation with nearly ten billion unique passwords was leaked on a popular hacking forum."

With a staggering 9,948,575,739 unique plaintext passwords, the file, titled rockyou2024.txt, was posted on July 4th by forum user 'ObamaCare,' who has previously shared an employee database from the law firm Simmons & Simmons, a lead from an online casino AskGamblers, and student applications for Rowan College at Burlington County.

"Xmas came early this year," user "ObamaCare" wrote on the forum. "I present to you a new rockyou2024 password list with over 9.9 billion passwords!"

The researchers, who cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews' Leaked Password Checker, revealed that not all the passwords contained within are new.

Some are actually old, coming from previous data breaches.

Regardless, the danger is still there, and it's huge.

This is because, in essence, RockYou2024 is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords to threat actors substantially heightens the risk of credential stuffing attacks.

"Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset," the team explained.

The researchers at Cybernews suggest that internet users immediately reset all passwords associated with any online accounts they own.

Using a strong and unique password for every single account can help prevent credential stuffing.

If an account supports passkeys, it's wise to use them instead, as passkeys have no credentials to leak.

If not, use two-factor authentication whenever possible, because even if bad actors know a user's credentials, they won't be able to break into the account without access to the user's trusted device, whether that's a smartphone or an authenticator app.

To manage all these credentials, people can use a password manager. Not only will a good password manager help manage passwords, these tools can also have handy features, like password generators.

"With RockYou2024, we witnessed a second record-breaking compilation leaked online in 2024. Earlier this year, Cybernews discovered the Mother of all breaches (MOAB), comprising an astounding 12 terabytes of information, spanning over 26 billion records."