'RockYou2024' leak: Nearly 10 billion passwords stolen by hackers
What's the story
Hackers have stolen approximately 10 billion unique plaintext passwords in the recent years. A leaked file, dubbed RockYou2024.txt, was posted by a forum user named "ObamaCare." This colossal data leak is an amalgamation of both old and new cyber attacks, as reported by TechRadar. The RockYou2024.txt file is a continuation of the 'RockYou2021' password compilation that exposed 8.4 billion plaintext passwords three years prior. The latest leak has added an extra 1.5 billion passwords to this already alarming number.
Cyber attacks
Brute-force and credential stuffing: The hacker's tools
The leaked database provides potential criminals with the means to execute brute-force attacks and gain unauthorized access to online accounts revealed in the leak. Brute-force is a hacking method where a program tries every possible combination of letters/numbers until the correct password is discovered. Simple passwords like "1234" can be cracked within seconds using this technique. The RockYou2024 leak also enables another type of attack known as credential stuffing, which targets individuals who reuse their login information across multiple platforms.
Cybersecurity
Protective measures against data breaches
Fortunately, there are ways individuals can safeguard themselves from such breaches. Media outlet Cybernews has developed a data leak checker that allows users to verify if their credentials have been exposed. Similarly, the well-known data leak site HaveIBeenPwned can also indicate if your records have been compromised. To further protect against such attacks, it is advised to use strong, complex and unique passwords for all online accounts.
Preventive measures
Password managers and identity theft protection services
While users can create strong passwords themselves, password managers can generate and securely store these for them. These tools are instrumental in maintaining unique and complex passwords for each online account. Additionally, identity theft protection services can be beneficial in recovering a stolen identity or money lost to fraud, providing an extra layer of security against cyber attacks.