Cyber experts have urged people to update their passwords after a hacker uploaded billions of login details.
The leak, dubbed RockYou2024, was posted on July 4 and contained a whopping 10 billion passwords from a compilation of old and new data breaches.
According to researchers who disclosed the leak, hackers can use this information to attack any system not protected by strong security software, including online and offline services, online cameras and industrial hardware.
This could lead to a wave of data breaches, financial fraud and identity theft using passwords collected from more than 4,000 databases over the past two decades.
Cybernews researchers have revealed that a hacker has released a whopping 10 billion passwords collected from 4,000 databases
The user, who goes by the name ObamaCare, used 8.4 billion passwords from a previous criminal forum released in 2021 and cracked 1.5 billion new passwords
Cybernews researchers who investigated the hack said the perpetrator goes by the name ObamaCare.
The person was found to have used 8.4 billion passwords from a previous crime forum released in 2021.
However, another 1.5 billion new passwords were obtained from records between 2021 and 2024.
“Christmas came early this year,” ObamaCare wrote on the forum.
‘I present to you a new rockyou2024 password list with over 9.9 billion passwords.’
The hacker added that they had also “cracked some old passwords using their new 4090”, a high-end graphics card from Nvidia, which contained “real new user passwords”.
The file was released in a 45.6 gigabyte .zip archive, using leaked data from sites including X (formerly Twitter), AdultFriendFinder, MyFitnessPal, LinkedIn and Adobe.
The two brands hardest hit are Chinese companies that are leaving other online companies far behind.
This includes $1.5 billion from Tencent, a technology company that provides internet services, and $504 million from the social media platform Weibo.
“Essentially, the RockYou2024 leak is a compilation of real passwords used by people all over the world,” the researchers said. “This shows that the use of many passwords by malicious actors significantly increases the risk of credential stuffing attacks.”
Credential stuffing occurs when hackers use a password from a data breach to log into an unrelated service. For example, they use a password obtained from the AT&T breach to see if the person uses the same password for their bank account.
The file was released in a 45.6 gigabyte .zip archive, using leaked data from sites including X, AdultFriendFinder, MyFitnessPal, LinkedIn and Adobe.
Cybernews reported Forbes that researchers have been in contact with the hacker and are investigating the datasets and the approximately ’30 gigabytes of combination lists from which data was extracted.’
Users can check if their password has been leaked by visiting Cybernews place and enter their password.
As a preventive measure, users should immediately reset leaked passwords on all accounts and select strong, unique combinations that are not used across multiple platforms.
They should also enable multi-factor authentication, which provides a second layer of security by requiring facial recognition or a PIN verification in addition to the password.
“There’s really no excuse not to use a unique password for every account, as data breaches are unfortunately becoming more and more common,” Jake Moore, global cybersecurity advisor for security vendor ESET, told Forbes.
‘Fortunately, password managers are easier than ever to use and implement into everyday life, and they take the hard part out of password generation and the secure storage of these complex codes.’