On a prominent hacker forum, a colossal database containing 9,948,575,739 unique passwords was published. The leak, contained in a file named rockyou2024.txt, is the largest in the history of the digital age.
The research team at Cybernews, which discovered the issue, is sounding the alarm. Experts warn of a severe danger to users who habitually use the same passwords across different sites. Analysis reveals that the new database includes both old and new passwords, gathered from various sources.
Of particular interest is the identity of the user who posted the file. The hacker, known as ObamaCare, registered on the forum at the end of May 2024 and has already made a name with several leaks. Previously, he shared a database of employees from the law firm Simmons & Simmons, information about the online casino AskGamblers, and documents from Rowan College students in Burlington.
Cybernews experts emphasize that the RockYou2024 leak is a compilation of real passwords used by people worldwide. This significantly increases the risk of brute-force attacks.
Recent incidents demonstrate how devastating the consequences of such attacks can be. Victims have included giants like Santander, Ticketmaster, Advance Auto Parts, and QuoteWizard. The scale of the threat is underscored by the fact that the attack targeted the cloud provider Snowflake, which serves these companies.
The rockyou2024.txt file continues a trend that began in 2021, when the RockYou2021 database, containing 8.4 billion passwords, was released online. Over the past three years, it has grown by 1.5 billion new combinations, an increase of 15%. Experts believe that the current version of RockYou contains information collected from more than 4,000 databases over the past two decades.
Cybernews specialists warn of a broad spectrum of potential threats. Attackers can use the ten-billion-strong compilation to attack any unprotected system, including not only online services but also surveillance cameras, industrial equipment, and other internet-connected devices.
Experts offer several recommendations for protection. First and foremost, it is crucial to change passwords on all accounts immediately, especially if the same combinations are used across different platforms. It is imperative to choose complex and unique passwords for each service. Enabling two-factor authentication wherever possible and using password managers to generate and store complex, unique passwords are also highly recommended.
Cybernews has integrated the data from RockYou2024 into its Leaked Password Checker service. This will allow users to check whether their passwords have been compromised and take the necessary measures to protect their accounts.