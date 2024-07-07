The largest database of stolen passwords with almost 10 billion unique records has been leaked on a popular hacker forum. The Cybernews research group believes that the leak poses a serious danger to users who tend to reuse passwords.

Cybernews found the largest compilation with a staggering 9,948,575,739 unique passwords in plaintext. The data file, called rockyou2024.txt, was posted on July 4 by an ObamaCare forum user. Although this user registered at the end of May 2024, he had previously leaked the database of employees of the law firm Simmons & Simmons.

The research team cross-referenced the passwords included in RockYou2024 with Cybernews’ Leaked Password Checker, which showed that these passwords came from a combination of old and new leaks. Most likely, the latest iteration of RockYou contains information gathered from more than 4,000 databases over more than two decades

«Essentially, the RockYou2024 leak is a compilation of real passwords used by people around the world. The discovery that many threat passwords significantly increase the risk of credential spoofing attacks», — Cybernews reports.

Credential attacks can cause serious damage to users and companies. For example, the recent spate of attacks targeting Santander, Ticketmaster, Advance Auto Parts, QuoteWizard, and others was a direct result of credential attacks against cloud service provider Snowflake.

The RockYou2024 build didn’t just fall out of the sky. Three years ago, Cybernews published a story about the largest build of the RockYou2021which contained 8.4 billion passwords. Now the attackers have added another 1.5 billion passwords to this database from 2021 to 2024.

RockYou2021, in turn, is an expansion of the 2009 data breach that included tens of millions of user passwords to social media accounts — since then, the collection has grown exponentially.

