Cyber experts have urgently warned people to update their passwords after a hacker uploaded billions of login details.
The leak, dubbed RockYou2024, was published on July 4 and contains no less than 10 billion passwords from a collection of old and new data breaches.
The researchers who revealed the leak said the information could allow hackers to attack any system not protected by strict security software, including online and offline services, online cameras and industrial hardware.
This could lead to a wave of data breaches, financial fraud and identity theft using passwords that have been harvested from more than 4,000 databases over the past two decades.
Cybernews researchers revealed that a hacker published a staggering 10 billion passwords collected from 4,000 databases
The user, who calls himself ObamaCare, used 8.4 billion passwords from a previous hacking forum posted in 2021 and cracked 1.5 billion new passwords.
Cybernews researchers who investigated the attack said the perpetrator calls himself ObamaCare.
The person apparently used 8.4 billion passwords from a previous criminal forum posted in 2021.
However, an additional 1.5 billion new passwords were obtained from the records between 2021 and 2024.
“Christmas came early this year,” ObamaCare wrote on the forum.
‘I present to you a new password list from rockyou2024 with over 9.9 billion passwords.’
The hacker added that they “also cracked some old passwords with (their) new 4090,” a high-end Nvidia graphics card, which contained “new, real user passwords.”
The file was published in a 45.6 gigabyte .zip archive using leaked logs from sites including X (formerly Twitter), AdultFriendFinder, MyFitnessPal, LinkedIn and Adobe.
The two most affected brands are China-based companies that vastly outnumber other online businesses.
They include $1.5 billion from Tencent, a technology company that provides internet services, and $504 million from social media platform Weibo.
“In essence, the RockYou2024 leak is a compilation of real-world passwords used by people around the world,” the researchers said, adding that they “reveal that many threat actor passwords substantially increase the risk of credential theft attacks.”
Credential theft occurs when hackers use a password from a data breach to log into an unrelated service, such as using a password obtained from the AT&T breach to see if the person uses the same password for their bank account.
The file was published in a 45.6 gigabyte .zip archive using leaked logs from sites including X, AdultFriendFinder, MyFitnessPal, LinkedIn and Adobe.
Cybernews said Forbes that its researchers have been in contact with the hacker and are working to investigate the data sets and the roughly “30 gigabytes of combined lists from which the data was extracted.”
Users can check if their password was leaked by visiting Cybernews place and entering your password.
As a preventative measure, users should immediately reset their leaked passwords on all accounts and select strong, unique combinations that are not used across multiple platforms.
They should also allow multi-factor authentication, which provides a second level of security by requiring verification, such as facial recognition or a PIN, in addition to the password.
“There’s really no excuse not to use unique passwords for every account, as data breaches unfortunately continue to occur and grow,” Jake Moore, global cybersecurity advisor at security vendor ESET, told Forbes.
“Luckily, password managers are easier than ever to use and implement in everyday life. They also take the hard part of generating passwords and securely storing these complex codes.”
