Data Nightmare : Billions of Passwords Leaked in Historic Breach


A hacker, known as "ObamaCare," has reportedly leaked 995 crore passwords, marking what researchers consider the largest password data breach ever. The dataset, named RockYou2024, was made public on Thursday, according to Forbes. This breach poses a significant risk as it compiles real-world passwords from users worldwide, making credential stuffing attacks much more feasible for cybercriminals.

Cybernews researchers emphasized the potential dangers, noting that the RockYou2024 compilation could be exploited for brute-force attacks, allowing unauthorized access to online accounts. The passwords in the dataset come from a mix of old and new data breaches, adding to its comprehensiveness.

The combination of this dataset with other leaked databases containing email addresses and other credentials could lead to a surge in data breaches, financial fraud, and identity theft. This underscores the need for heightened cyber hygiene practices.

Need to Know About the RockYou2024 Password Database

Security researchers from Cybernews have uncovered what they believe to be the largest collection of stolen and leaked credentials ever seen on the BreachForums criminal underground forum. Named RockYou2024, this compilation contains an astounding 9,948,575,739 unique passwords, all in plaintext format. It builds upon an earlier database known as RockYou2021, which featured 8.4 billion passwords, adding approximately 1.5 billion new entries. These passwords span the period from 2021 through 2024 and are estimated to come from a total of 4,000 large databases of stolen credentials, covering at least two decades.

The RockYou2024 Password Database is a massive collection of leaked passwords, reported to be the largest of its kind ever discovered. Here's a breakdown of the key points:

  • Size: It contains roughly 10 billion unique passwords in plain text, making it a significant security risk.
  • Origin: The leak likely combines passwords from various sources, including older breaches and new attacks. It reportedly builds on a previous compilation called RockYou2021.
  • Impact: This data can be used by hackers to try cracking accounts through credential stuffing attacks, where they attempt to use leaked passwords on other platforms.

It's important to note that while the size of the leak is alarming, some experts believe a significant portion might be recycled data from older breaches.

Here are some recommendations to protect yourself:

  • Change your passwords: If you reused passwords across different accounts, change them immediately, especially for critical accounts like banking or email.
  • Use strong passwords: Don't rely on dictionary words or easily guessable phrases. Consider a password manager to generate and store strong, unique passwords for all your accounts.
  • Enable two-factor authentication (2FA): This adds an extra layer of security by requiring a second verification code when logging in, making it much harder for hackers to gain access even if they have your password.
  • Be cautious of phishing attempts: Scammers might try to trick you into revealing your passwords or clicking on malicious links. Don't click on suspicious emails or attachments.

Source  Forbes 

No comments:

Millions of mSpy Customer Records Compromised in Data Leak

  A major data leak exposed over 310 gigabytes of information from spyware developer mSpy, including 2.4 million unique email addresses. Thi...