Sunday, December 22, 2024

You might want to change all of your passwords after this record-setting leak was announced

This summer, we expected to hear about a lot of new records being set, considering that this is an Olympic year with the Summer Games kicking off on July 26th in France. But a new record has just been set and, unfortunately, it is not good news. Nearly 10 billion unique plaintext passwords were leaked in a file titled rockyou2024.txt found on a popular hacking forum. The passwords were posted by a forum member with the username ObamaCare.

A report calls this the “largest password compilation,” making it a dubious record. The account has previously posted passwords from other data breaches, including an employee database from law firm Simmons & Simmons, leads from online casino AskGamblers, and student applications for Rowan College at Burlington County. The latest and record-breaking file was cross-referenced with data from Cybernews’ Leaked Password Checker, revealing that these passwords came from a combination of old and new data breaches.

This data breach is serious: the precise number of passwords in the file is 9,948,575,739. If you’re the type of person who reuses passwords on multiple apps and websites to make them easier to remember, there’s a possibility that the password to your sensitive accounts is among those in the file. The file was posted on the hacking forum on July 4th, and with the large number of stolen passwords there is the possibility of fireworks coming from this data breach.

Researchers at Cybernews said, “In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.” Recent attacks have targeted Santander, Ticketmaster, Advance Auto Parts, and QuoteWizard and were the result of credential stuffing attacks against the victims’ cloud service provider Snowflake. Such an attack uses credentials stolen from a previous data breach on one service to log in to an unrelated service.

The Cybernews researchers added, “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.” And that is exactly what you should be worried about. You might want to come up with a new password for your most important financial and personal apps and websites by including uppercase and lowercase letters, numbers, and special characters.
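For site operators, the same list can be used defensively: screen every new password against known-leaked passwords before accepting it. The sketch below is an added example, not code from the article or from Cybernews; the sample wordlist is constructed, and the function names are hypothetical. It shows that a password can satisfy the uppercase/lowercase/number/special-character rule and still sit in a leaked compilation.

```python
import hashlib
import io
import string

# Constructed sample standing in for a leaked wordlist (not taken from rockyou2024.txt).
# It includes a CRLF line ending and a non-UTF-8 entry, both common in real compilations.
SAMPLE_WORDLIST = b"123456\npassword\nP@ssw0rd1!\nqwerty\r\nSummer2024!\n\xff\xfebroken\n"

def _digest(password: bytes) -> bytes:
    # Fixed-size digests keep the lookup set compact and avoid holding raw passwords.
    return hashlib.sha256(password).digest()

def load_breached(stream) -> set:
    """Stream a wordlist (one password per line, arbitrary bytes) into a digest set."""
    breached = set()
    for raw in stream:
        entry = raw.rstrip(b"\r\n")  # strip line endings only; spaces belong to the password
        if entry:
            breached.add(_digest(entry))
    return breached

def meets_composition(password: str) -> bool:
    """The rule from the article: uppercase, lowercase, number and special character."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def screen(password: str, breached: set) -> str:
    """Return 'reject-breached', 'reject-composition' or 'accept' for a candidate."""
    if _digest(password.encode("utf-8")) in breached:
        return "reject-breached"  # checked first: composition does not matter if it leaked
    if not meets_composition(password):
        return "reject-composition"
    return "accept"

BREACHED = load_breached(io.BytesIO(SAMPLE_WORDLIST))

if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "Summer2024!", "password", "vK7#mQ2$xL9!pR4z"]:
        rule = meets_composition(candidate)
        print(f"{candidate!r:22} composition={rule!s:5} -> {screen(candidate, BREACHED)}")
```
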
