Is this the biggest password leak ever uncovered? Researchers claim nearly 10 billion credentials under threat — here's what we know so far
Researchers claim to have uncovered what appears to be the biggest password cache ever uncovered, with 9,948,575,739 unique plaintext passwords inside.
The file, titled ‘rockyou2024.txt’ contains passwords stolen in a mix of old and new attacks, making the file a brute force attackers’ dream.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” Cybernews researchers say.
The .txt file was posted on July 4 by a user with the handle 'ObamaCare', who has shared leaked passwords from a number of sources since registering in May 2024.
Speaking on the potential dangers of the password leak, the research team said, “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.”
The passwords are compiled from a number of data breaches spanning two decades, with 1.5 billion passwords added to the file from 2021 to 2024.
