Are you one of those people who reuse passwords multiple times for different sites? Then it might be time to change your passwords. There is a document circulating on the internet that contains nearly 10 billion passwords.
A text file containing at least 9,948,575,739 — nearly 10 billion — passwords has been circulating on an online hacker forum since July 4. The file, which was named “rockyou2024.txt,” was discovered by accident. According to the researchers, some of these passwords had already been leaked before, but the file also contained new login details that had never been leaked before.
Not the first time
The file was uploaded by a user named “ObamaCare.” The user, who has been active on the hacker forum since May 2024, had previously uploaded a number of documents. Law firm Simmons & Simmons, among others, saw its personnel file appear online. The hacker also posted records for Rowan College, a US school, online. The RockYou2024 document contains some of this data, but it also contains a lot of new data. RockYou2024 is also based on the 2021 version, which contained 8.4 billion passwords at the time.
The researchers are not concerned about this, calling the leak the “largest collection of passwords” ever published online. In this way, the hackers are repeating their trick from 2021. The researchers note that these are real passwords, which are already being used for many online accounts.
Earlier this year, a trove of passwords surfaced online in the so-called “Mother of All Breaches” (MOAB). At the time, it involved a collection of data that had previously been leaked, but had been put together online. RockYou2024 includes passwords that the criminals had extracted themselves, including several social media accounts. What’s more: In MOAB, much of the data was in the database multiple times. That’s not the case here: nearly 10 billion passwords in this database are unique.
Protect yourself
Such large leaks open the door to abuse, especially in the form of “credential stuffing.” Cybercriminals try your leaked email address and password combination on as many sites as possible, hoping that you have used the same password on more than one of them. This is one of the reasons why you shouldn’t reuse passwords: reuse gives cybercriminals one of the easiest ways to gain access to your accounts.
In addition to using unique passwords, there are a number of things you can do to prevent abuse. By far the best option is to stop using passwords and switch to passkeys. Passkeys are specific to the device you’re using, so they’re harder to steal. It’s also a good idea to set up 2FA or MFA for as many accounts as possible. That way, your password will never be enough to access your account, so you can use the internet with more confidence.