On July 4 of all days, Independence Day for Americans, the largest password leak in history occurred, dubbed "RockYou2024" by the original poster "ObamaCare" on a leading hacking forum.
There are an incredible 9,948,575,739 passwords compiled all in plain text, close to 10 billion passwords, posted by user "ObamaCare". The user registered on the hacking forum in late May 2024, previously sharing the employee database from law firm Simmons & Simmons, a lead from an online casino AskGamblers, and student applications from Rowan College at Burlington County.
The team cross-referenced the passwords in the huge "RockYou2024" leak with the data from Cybernews' Leaked Password Checker, which the site "revealed that these passwords come from a mix of old and new data breaches". Researchers said: "In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks".
The team at Cybernews believes that attackers can now use the 10-billion-strong "RockYou2024" compilation of hacked passwords to "target any system that isn't protected against brute-force attacks". This includes everything from online and offline services to internet-facing cameras, and even industrial hardware". The team added:"Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts".
The Cybernews team explained: "Attackers can utilize the ten-billion-strong RockYou2024 compilation to target any system that isn't protected against brute-force attacks. This includes everything from online and offline services to internet-facing cameras and industrial hardware. Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts".