By Davey Winder
The world’s largest collection of stolen passwords has been uploaded to an infamous crime marketplace where cybercriminals trade such credentials, according to security researchers. A hacker using the name ‘ObamaCare’ has posted a database allegedly containing almost 10 billion unique passwords thought to have been collected from numerous data breaches and hacks across many years. Here’s everything you need to know.
What You Need To Know About The RockYou2024 Password Database
Security researchers from Cybernews say they have uncovered what appears to be the biggest collection of stolen and leaked credentials ever seen on the BreachForums criminal underground forum. Containing what is said to be an astonishing 9,948,575,739 unique passwords, all in plaintext format, the RockYou2024 compilation apparently comprises an earlier credentials database known as RockYou 2021, which featured 8.4 billion passwords, adding approximately 1.5 billion new passwords into the mix.
These cover the period from 2021 through 2024, and it has been estimated that the latest credentials file contains entries from a total of 4,000 huge databases of stolen credentials covering at least two decades.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” the researchers said, adding “revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.”
The Brute Force Implications Of RockYou2024
Credential stuffing attacks remain one of the most common and successful methods of gaining initial access to services and systems for criminal and state-sponsored hackers and ransomware affiliates.
Such threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and “gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset,” the research team said. This could include anything and everything from online services, to internet-facing cameras and even industrial hardware. Combined with other leaked databases on hacker forums and dark web marketplaces, containing email addresses and other credentials, the team concluded, “RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts.”
Disclaimer
The information contained in South Florida Reporter is for general information purposes only.
The South Florida Reporter assumes no responsibility for errors or omissions in the contents of the Service.
In no event shall the South Florida Reporter be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. The Company reserves the right to make additions, deletions, or modifications to the contents of the Service at any time without prior notice.
The Company does not warrant that the Service is free of viruses or other harmful components
