Cyber experts warn the public to update passwords after a hacker released tens of billions of login details.
World's Largest Password Database
On July 4, one of the largest data breaches in history struck the online world as a gigantic collection of passwords from both old and new data breaches was leaked on a crime forum. Known as RockYou2024, the leak was uploaded by a poster going under the name "ObamaCare."
The hacker was able to compile 9,948,575,739 unique passwords into plain text. In other words, nearly ten billion passwords were leaked from more than 4,000 databases in the past two decades.
The private information revealed can then be exploited further by hackers on any unprotected system by security software, online and offline services, industrial hardware, and even online cameras. Stolen passwords can also be used for financial fraud, data breaches, and identity theft.
RockYou2024 is a compilation of all past password leaks, with the base from a prior RockYou2021 compilation containing 8.4 billion passwords. This means that some 1.5 billion passwords have been added to this list between RockYou2021 and RockYou2024.
The hacker has said that most of these new passwords were decoded using a high-end version of the Nvidia graphics card, RTX 4090, which raised alerts earlier. It was then released in a 45.6 gigabyte.zip archive with the help of leaked records from sites that include X (formerly Twitter, Adobe, LinkedIn, MyFitnessPal, and AdultFriendFinder.
The top two affected brands both belong to China-based companies, way outpacing other online companies: 1.5 billion records from Tencent and 504 million from social media platform Weibo.
According to Cybernews, its researchers have been in contact with the hacker and have worked with datasets for investigation purposes. They are also investigating the 30 gigabytes of combo lists from which data was extracted.
Staying Protected From Cyber Threats
According to researchers, RockYou2024 contains actual passwords used by people across the globe. Alternatively, huge amounts of passwords like these place such credentials at a very high risk of being utilized in credential-stuffing attacks.
Credential stuffing is where cyber hackers take a password from one data breach and try using it to log into some other completely unrelated service. For instance, it may involve using a password acquired from the AT&T leak to see whether the person used exactly the same for their bank account.
Users are advised to change leaked passwords immediately on all accounts for preventive measures, choosing strong unique combinations not used on multiple platforms. They also need to enable multi-factor authentication since it offers a second level of security.
According to Jake Moore, the global cybersecurity advisor for security vendor ESET, there is no excuse for anyone not to use unique passwords for every single account as data breaches continue to spread.
Fortunately, these bits of software are easier than ever to use and put into practice in everyday life. Also, they also offer the hard part of password generation and secure storing of complex codes.
RELATED ARTICLE : Here's How to Secure Personal Data On Your Laptop
Check out more news and information on Cybersecurity in Science Times.