A record 10 billion passwords were just posted to a popular hacking forum

Why it matters:

Experts emphasize that passwords are not foolproof when it comes to online security, yet they remain a crucial aspect of most individuals’ digital defense mechanisms. The recent disclosure of a database containing nearly 10 billion unique plaintext passwords has sparked concerns within the security community. Here are some guidelines to determine if your password is included in this database and how you can enhance your security measures.

Last week, a user known as “ObamaCare” uploaded what cybersecurity professionals believe to be the largest collection of passwords ever shared on a hacking forum. The file, named rockyou2024.txt, consists of 9,948,575,739 distinct plaintext passwords. ObamaCare has a track record of leaking sensitive information, including an employee database from the law firm Simmons & Simmons, a database from the online casino AskGamblers, and student applications for Rowan College at Burlington County.

“Xmas came early this year,” ObamaCare stated on the forum. “I present to you a new rockyou2024 password list with over 9.9 billion passwords!”

Cybernews found that these passwords come from both past and recent data breaches and that the list builds on an earlier compilation, “RockYou2021”, which held 8.4 billion passwords. The fact that only 1.5 billion sets of credentials are new somewhat mitigates the impact of the leak, but that is still a significant number of compromised passwords, and experts caution about the potential risks posed by this database.

Verizon’s 2021 Data Breach Investigations Report revealed that 61 percent of breaches are a result of exploited credentials. Google Cloud’s 2023 Threat Horizons Report indicates an even higher percentage, with 86 percent of breaches involving stolen passwords. Both online and offline services, as well as internet-connected cameras and industrial equipment, are vulnerable. The presence of RockYou2024 could potentially lead to a surge in data breaches, financial scams, and identity theft when combined with other leaked databases containing email addresses and login credentials.

Cybernews offers an online tool called the Leaked Password Checker, enabling users to verify if their password has been compromised in any known breaches, including RockYou2024. Alternatively, Have I Been Pwned provides a similar lookup tool to assess if your email address or password has been exposed in a data breach.

If your password is compromised, it is crucial to change it immediately and use a unique password for each account. Additionally, it is advisable to enable multi-factor authentication, which requires additional verification beyond just a password, and utilize a password manager to generate and securely store complex passwords, reducing the risk of password reuse.
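For readers who would rather script the check than paste a password into a web form, here is an added example (not from the article or from either service) of a lookup against Have I Been Pwned's Pwned Passwords range endpoint, which receives only the first five characters of the password's SHA-1 hash. The function names are hypothetical and the sample response body is constructed so the code runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """Return the uppercase SHA-1 hex digest as (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Fetch all known suffixes for a prefix; the password and full hash stay local."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def count_in_range(password, range_body):
    """Find the password's suffix in a body of SUFFIX:COUNT lines; 0 if absent."""
    suffix = split_hash(password)[1]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padding rows match nothing real and carry count 0
    return 0

def is_compromised(password, range_body=None):
    """True if the password appears in the breach corpus at least once."""
    if range_body is None:  # live lookup only when no body is supplied
        range_body = fetch_range(split_hash(password)[0])
    return count_in_range(password, range_body) > 0

def build_sample_body(counts):
    """Constructed stand-in for a range response (real ones share one prefix)."""
    return "\r\n".join(f"{split_hash(pw)[1]}:{n}" for pw, n in counts.items())

# Constructed sample data: passwords and counts are invented for this example.
SAMPLE_BODY = build_sample_body({"password123": 1234, "padding-row": 0, "letmein": 77})

if __name__ == "__main__":
    for pw in ("password123", "padding-row", "Tr0ub4dor&3-not-listed"):
        print(pw, "->", "compromised" if is_compromised(pw, SAMPLE_BODY) else "not found")
```

Calling `is_compromised(password)` without a body performs the live request; a count of zero means only that the password is absent from that corpus, not that it is strong.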
