10 billion passwords have been leaked on a hacker site. Are you at risk? (2024)

In the latest cybersecurity scare, a file with nearly 10 billion passwords has been posted to a hacking site.

Researchers at Cybernews said they discovered the file, posted on July 4, with 9,948,575,739 unique plaintext passwords.

More:

Cybernews experts said they believe this data dump, called RockYou2024, is the largest password leak of all time.

"The Cybernews team believes that attackers can utilize the ten-billion-strong RockYou2024 compilation to target any system that isn’t protected against brute-force attacks. This includes everything from online and offline services to internet-facing cameras and industrial hardware," the online publication said in a report.

10 billion passwords have been leaked on a hacker site. Are you at risk? (1)

What is the RockYou2024 leak?

The 10 billion passwords included in a file uploaded by a user named ObamaCare are not all new, Cybernews said.

Cybernews said its team "cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews’ Leaked Password Checker, which revealed that these passwords came from a mix of old and new data breaches."

The passwords on the document have likely been collected from more than 4,000 databases over the last 20 years, Cybernews said.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” Cybernews said.

Credential stuffing is when hackers take information, such as passwords, from one data leak and attempt to log onto other websites, which can be very damaging to businesses and consumers, Cybernews said.

The recent wave of hacks targeting several sites including Ticketmaster were the result of credential stuffing attacks, said Cybernews.

Three years ago, a leak of 8.4 billion passwords called RockYou2021 was posted on a hacker site. At the time it was the largest password leak.

Cybernews said its analysis determined that the 10 billion leaked passwords in the RockYou2024 document included 1.5 billion new passwords leaked from 2021 through 2024.

Leak is the latest to share information already available

The 10 billion passwords leaked are a series of data dumps from previous hacks and are not new, but it is stil a big deal to have that many passwords in one document posted on the Internet, Scott Augenbaum, a retired FBI agent, cybercrime prevention trainer and author of The Secret to Cybersecurity, told USA TODAY.

"The big moral of the story is this needs to be a wake up call that no matter what a great job you do keeping yourself safe, someone's going to lose your user name and password," Augenbaum said, referring to companies whose sites are hacked.

The danger is that many people use very common passwords or if they're using a more difficult password or passphrase, they use the same one for multiple accounts, said Augenbaum. When those passwords are compromised, hackers can get into multiple accounts, he said.

"The passwords are out there,'' he said. "That means the cybercriminals right now are banking on the fact that they're going to capture one of your passwords. Are you using that same password for multiple platforms?"

It's important to have a different password for each account, said Augenbaum.

"This has an impact because just think about how many of our parents have the same password for multiple platforms or even our kids," he said. "This will have a greater ripple effect across consumers than anyone could imagine."

Augenbaum is particularly worried about the senior population, which is more likely to use the same password and could be vulnerable to scammers.

Cybersecurity:Data breaches and ID theft are still hitting records. Here's how to protect yourself.

How do I protect myself?

Here are five steps Augenbaum suggests consumers take to protect themselves:

  • Reset All Passwords: Immediately change passwords for all accounts associated with the leaked passwords. Ensure each password is strong and unique. A good password should be at least 12 characters long and include a mix of letters, numbers, and symbols. You can check Cybernews' leaked password check at https://cybernews.com/password-leak-check/. Augenbaum suggests starting by putting in the passwords for your "mission critical" accounts such as banking and personal finance, email and social media. If your password is among those leaked, change it on all sites where you use it. You can also use https://haveibeenpwned.com/ to put in your email address to find out if your information has been in any data breaches and change passwords there.
  • Enable Two-Factor Authentication (2FA): Wherever possible, enable 2FA, which prompts you to verify yourself on a second device. This adds an extra layer of security by requiring an additional verification step beyond your password.
  • Use a Password Manager: Utilize password manager software to securely generate and store complex passwords. This reduces the risk of password reuse across different accounts.
  • Beware of Account Compromise: Always verify suspicious emails, even if they appear to come from someone you know. Check for signs of phishing and avoid clicking on unexpected links or attachments.
  • Educate and Encourage Safe Practices: Encourage your friends and family to adopt these security measures and stay on guard for social engineering attempts. Cybercriminals often exploit the weakest link and unprotected accounts can lead to further breaches.

Betty Lin-Fisher is a consumer reporter for USA TODAY. Reach her at blinfisher@USATODAY.com or follow her on X, Facebook or Instagram @blinfisher. Sign up for our free The Daily Money newsletter, which will include consumer news on Fridays,here.

10 billion passwords have been leaked on a hacker site. Are you at risk? (2024)

FAQs

What is the largest password leak ever recorded? ›

Cybernews experts said they believe this data dump, called RockYou2024, is the largest password leak of all time. "The Cybernews team believes that attackers can utilize the ten-billion-strong RockYou2024 compilation to target any system that isn't protected against brute-force attacks.

What is the biggest password leak in 2024? ›

So much larger than life—a big time forum leak on July 4 exposed some 10 billion passwords. Called RockYou2024 after the rockyou2024. txt document a user posted to a popular hacking forum, the leak presents a threat to security around the world, according to Cybernews researchers.

How serious are password data leaks? ›

Data leaks often result in the exposure of personal and sensitive information, such as names, addresses, phone numbers, social security numbers, financial details, or medical records. This can lead to identity theft, impersonation, fraud, or harassment.

Why is my Iphone telling me my password in a data leak? ›

This message pops up because Apple has expanded its iCloud Keychain with a cybersecurity feature called password monitoring. It continuously scans your saved passwords and compares them with a list of compromised passwords.

What is the number 1 most used password? ›

Something simple, short and predictable. Astonishingly, those are also the characteristics of the world's most common online password, which is 123456, according to online password management company NordPass.

What is the safest password in the world? ›

Create complex passwords or passphrases
  • An English uppercase character (A-Z)
  • An English lowercase character (a-z)
  • A number (0-9) and/or symbol (such as !, #, or %)
  • Ten or more characters total.

What's the worst password? ›

National Cyber Security Centre
Rank2019
1123456
2123456789
3qwerty
4password
16 more rows

What is the hardest password to get? ›

Use a combination of at least eight letters, numbers, and symbols. The longer your password and the more character variety it uses, the harder it is to guess. For example, M0l#eb9Qv? combines upper- and lowercase letters, numbers, and symbols, making a unique and hard-to-guess password.

What are the most commonly hacked passwords? ›

Most hackable passwords

Second came “123456” followed by the slightly longer “123456789.” Rounding out the top five were “guest” and “qwerty.” Most of those log-ins can be cracked in less than a second.

What is the mother of all breaches? ›

In January 2024, a data leak of 26 billion records was discovered by security researcher Bob Diachenko of Security Discovery. This data breach has quickly come to be known as The Mother Of All Breaches (aka MOAB) due to its size and contains 12 terabytes of user data from 3,876 domains.

Has Apple had a data breach in 2024? ›

Senior Contributor. Davey Winder is a veteran cybersecurity writer, hacker and analyst. A notorious hacker, thought to be behind many recent breaches of large tech companies, has added Apple to the list after claiming to have the source code to three commonly used internal tools following a June 2024 data breach.

Why do I have so many compromised passwords? ›

One of the most common causes of compromised passwords is the use of weak passwords that are easy to guess. Simple passwords, such as “123456” or “password”, are effortless for attackers to crack. Additionally, reusing passwords across multiple accounts significantly elevates the risk.

Are Apple data leak warnings real? ›

Apple's “Security Recommendations” is a password monitoring feature that aims to provide iOS users with additional warning of any data leaks. Security Recommendations ensures users can update their passwords before a data breach occurs, reducing the risk of identity theft or fraud.

What is the password leak 2024? ›

On 4 July 2024, a threat actor called 'ObamaCare' leaked what is likely the largest password compilation to date, calling it “10 Billion Rockyou2024 Password Compilation”. Specifically, ObamaCare said: I present you a new rockyou2024 password list with over 9.9 billion passwords!

How do I know if my data has been breached? ›

Check for suspicious logins into your accounts and activate notifications for them if the service you use provides them. Be on the lookout for misleading password retrieval emails and messages and only change your credentials by logging into the account from the official website.

What is the strongest password ever? ›

The best, most powerful and strongest passwords are long, hard-to-guess, and unique. That means using a minimum of 15 characters, using words or phrases that are hard to guess and difficult to connect to you, and never reusing passwords across multiple accounts.

What is the most insecure password? ›

Is Your Password on the List?
  • 123456.
  • 123456789.
  • admin.
  • Qwerty.
  • welcome.
  • Password.
  • Password1.
  • p@ssw0rd.

What is the first password in the world? ›

The 1st digital password

In 1961, MIT computer science professor Fernando Corbato created the first digital password as a project problem-solver. When he built a giant time-sharing computer, several users needed their own private access to the terminals. His solution? Give each user their own password.

Top Articles
Latest Posts
Article information

Author: Kareem Mueller DO

Last Updated:

Views: 5942

Rating: 4.6 / 5 (46 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Kareem Mueller DO

Birthday: 1997-01-04

Address: Apt. 156 12935 Runolfsdottir Mission, Greenfort, MN 74384-6749

Phone: +16704982844747

Job: Corporate Administration Planner

Hobby: Mountain biking, Jewelry making, Stone skipping, Lacemaking, Knife making, Scrapbooking, Letterboxing

Introduction: My name is Kareem Mueller DO, I am a vivacious, super, thoughtful, excited, handsome, beautiful, combative person who loves writing and wants to share my knowledge and understanding with you.