Months after the so-called “mother of all breaches” was uncovered in January, another record-breaking leak has been posted online. According to the Cybernews research team, a password compilation containing nearly 10 billion unique plaintext passwords (9,948,575,739 to be exact) was published on a hacker forum on July 4th.
The password compilation file from user ObamaCare is titled rockyou2024.txt — a reference to RockYou2021, which was previously the largest password compilation on record. RockYou2021 was a 100 GB text file containing 8.4 billion plaintext passwords.
Cybernews claims that RockYou2024 combines the previous leak with a collection of more than 1.5 billion new passwords collected between 2021 and 2024.
The Cybernews research team warns that threat actors will use all of the leaked passwords for credential stuffing, which is a cyberattack that uses stolen account credentials to gain access to user accounts. Combined with older leaked databases, researchers believe “RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts.”
There’s obviously nothing you can do to reverse this leak, but Cybernews did share a few steps you can take to ensure that your accounts are safe from threat actors:
- Immediately reset the passwords for all accounts associated with the leaked passwords. It is strongly recommended to select strong, unique passwords that are not reused across multiple platforms.
- Enable multi-factor authentication (MFA) wherever possible. This enhances security by requiring additional verification beyond a password.
- Utilize password manager software to securely generate and store complex passwords. Password managers mitigate the risk of password reuse across different accounts.
It’s always worth checking HaveIBeenPwned.com every month or so to see whether any of your online accounts have been compromised and their passwords need to be updated.