10 Billion Passwords Leaked on a Hacker Forum

A file containing almost 10 billion stolen passwords is for sale on the Dark Web. This compilation of data, stolen over the last 20 years, could lead to many attacks with unprecedented damage.

It's clear that cyberattacks are happening all over the world at the moment! Researchers at Cybernews have uncovered what they describe as the largest compilation of stolen passwords of all time. A file called "rockyou2024.txt", containing 9,948,575,739 unique passwords, has been put up for sale on a well-known hacker forum. This incredible number represents the compilation of data collected in multiple leaks over the last twenty years, emanating from no fewer than 4,000 different databases. This is particularly worrying news, as these passwords could be exploited to crack online accounts using brute force.

The user who shared this file, nicknamed ObamaCare, is no novice. He has already shared several stolen databases, including those of online casino AskGamblers and law firm Simmons & Simmons. However, this compilation is quite simply the largest in history.

"The RockYou2024 leak is a compilation of real passwords used by individuals worldwide. Revealing so many passwords to malicious actors significantly increases the risk of brute-force attacks," the researchers warn. In 2021, a previous compilation contained 8.4 billion stolen passwords. Between 2021 and 2024, the database grew by a staggering 1.5 billion credentials.

In practical terms, this means that hackers in possession of the file could try out a multitude of passwords to unlock an account. Of course, they wouldn't perform such a task manually but would automate the process to test millions of passwords in an instant. Worse still, "combined with other databases leaked on hacker forums and marketplaces, which contain, for example, user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial fraud, and identity theft," warn the researchers.

To find out if your passwords and other personal data have been leaked online, we recommend using the Have I Been Pwned website. Cybernews also offers its own checking tool. Either will enable you to take appropriate security measures. If your information appears in the database, immediately change your password, and change it on any other account where you used the same one. Remember, you absolutely must have a strong, unique password for each of your accounts! If you haven't already done so, activate two-factor authentication. Remember to terminate existing sessions to exclude any unauthorized users. And, as always, stay alert to possible phishing attempts!