Thought Leadership
Researchers from Cybernews discovered a file called “rockyou2024.txt”, which contains almost 10 billion unique passwords in plain text. This huge database was put online on July 4 by a well-known user of a hacker forum under the pseudonym “ObamaCare”.
The experts at Cybernews examined the passwords using their own “Leaked Password Checker” tool. It turned out that the data originated from both older and newer data leaks. The “RockYou2024” collection thus represents a compilation of real passwords that have been and are used by users worldwide.
The publication of such an enormous quantity of passwords considerably increases the risk of so-called “credential stuffing” attacks. In this method of attack, cyber criminals attempt to gain unauthorized access to various online accounts using the leaked access data. Recent attacks on companies such as Santander and Ticketmaster show how dangerous this method is.
The “RockYou2024” collection could be used by attackers for brute force attacks against unprotected systems. This potentially affects a wide range of targets, from online services to industrial facilities. Combined with other leaked databases containing, for example, email addresses, this could lead to a cascade of data breaches, financial fraud and identity theft.
RockYou2021
The latest publication is reminiscent of the “RockYou2021” leak three years ago, in which 8.4 billion passwords were leaked in plain text. The new version “RockYou2024” expands this collection by a further 1.5 billion passwords, which corresponds to an increase of 15 percent. It is believed that the latest iteration contains information from over 4,000 databases from the last two decades.
Verification options
Cybernews plans to integrate the data from “RockYou2024” into its “Leaked Password Checker”. This allows users to check whether their own credentials are part of this massive leak. Given the seriousness of this incident, it is advisable for all Internet users to change their passwords regularly and to use strong, unique passwords for each service.
