Months after the so-called “mother of all breaches” was uncovered in January, another record-breaking leak has been posted online. According to the Cybernews research team, a password compilation containing nearly 10 billion unique plaintext passwords (9,948,575,739 to be exact) was published on a hacker forum on July 4th.
The password compilation file from user ObamaCare is titled rockyou2024.txt — a reference to RockYou2021, which was previously the largest password compilation on record. RockYou2021 was a 100 GB text file containing 8.4 billion plaintext passwords.
Cybernews claims that RockYou2024 combines the previous leak with a collection of more than 1.5 billion new passwords collected between 2021 and 2024.
The Cybernews research team warns that threat actors will use all of the leaked passwords for credential stuffing, which is a cyberattack that uses stolen account credentials to gain access to user accounts. Combined with older leaked databases, researchers believe “RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts.”
There’s obviously nothing you can do to reverse this leak, but Cybernews did share a few steps you can to ensure that your accounts are safe from threat actors:
It’s always worth checking HaveIBeenPwned.com every month or so to see if your passwords need to be updated due to your online accounts being compromised.