- Security researchers discovered a file called ‘rockyou2024.txt’ that contained 9,948,575,739 stolen passwords on a criminal marketplace.
- The file was uploaded by a hacker named ObamaCare on July 4. The contents of the file were stolen through multiple data breaches over a period of at least two decades.
- Users are recommended to be cautious during the coming days. Update your old passwords, turn on multi-factor authentication and make sure all your accounts have a different unique password.
Researchers have discovered a file that contains 9,948,575,739 (almost 10 billion) unique plaintext passwords that were stolen over the years (at least two decades) through multiple security breaches. It is believed to be the biggest password cache ever uncovered.
On July 4, a file named ‘rockyou2024.txt’ was uploaded to an online criminal marketplace by a hacker who goes by the name ObamaCare. That’s where it was first discovered by the cybersecurity researchers.
It was found that the file consists of an earlier database named RockYou 2021 which comprised about 8.4 million stolen passwords. This would mean that an additional 1.5 million passwords were added to it between the period of 2021 and 2024.
What Could Be the Consequences?
Needless to say, a file containing these many passwords is the dream of any hacker and hence a nightmare for all the users whose credentials had been compromised.
It can be used in brute-force attacks where the hackers will gain unauthorized access to various online accounts of the affected users. Data breaches, financial frauds, and identity thefts will become all too common.
A brute-force attack is a type of hacking method in which hackers keep stuffing passwords on a trial-and-error basis until they finally find the right match.
It’s not just the online accounts, offline services are equally at risk, including internet-facing cameras and industrial hardware.
What Can the Users Do Now?
The only thing you can do if you believe your password has been stolen is protect all your accounts.
- We recommend changing old passwords to something new and strong. Make sure it’s not similar to your old password.
- Ensure you use a combination of numbers, letters, and symbols in your passwords. Longer passwords with a good mix of these elements can take years to crack. For instance, a 12-character password with just lowercase and uppercase characters can take 300 years to get into.
- Also, make sure you are using unique passwords for every single account. This way even if one of your accounts is compromised, the others will remain safe.
You can also use password checkers to gauge the strength of your current password or simply use one of the best password managers around, which will suggest strong unbreakable passwords and also remember them for you. These managers also encrypt your passwords, making it difficult for hackers to read them even if servers are breached.
It’s also a good time to use multi-factor authentication. Add extra layers of protection to your accounts so that one single compromised password can’t give it away.
Security experts even advocate making two-factor authentication mandatory through a regulation across platforms.
Another alternative is going passwordless. If supported, you can turn on biometric login (Face ID or fingerprint) for your devices, which will do away with the need for traditional passwords.
All-in-all, it is high time you become more cautious of your password habits and secure your online accounts.
Our Editorial Process
The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.
