Security researchers have issued a warning about one of the largest databases of leaked passwords that has emerged online, Forbes reported.
The database, which is a text file named “RockYou2024”, contains a staggering 9,948,575,739 unique passwords stored in plain text and was posted on a forum popular with hackers at the end of last week.
According to CyberNews experts, this massive haul of stolen passwords has the potential to trigger a wave of data breaches, financial fraud, and identity theft, GB News reported.
It seems that the database is a mixture of old and new data breaches.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers said.
Credential stuffing is a prevalent method in which hackers use login credentials stolen from one website to gain unauthorised access to another.
Re-using the same login information across multiple platforms can make individuals vulnerable to this type of cyber-attack.
The team at CyberNews cautioned: “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.”
RockYou2024.txt builds on an earlier leak, RockYou2021.txt, a text file shared by hackers online three years ago.
For those who want to protect themselves from credential stuffing or other types of attacks following the breach, the CyberNews team advises:
- Immediately reset passwords for all accounts that rely on a password included in the database.
- Create a unique alpha-numeric password for each online account.
- Enable multi-factor authentication, like a one-time code sent to your phone number, to protect accounts.
- Use a password manager to store and manage complex passwords.
- Use tools to check whether your details have been breached.
If your password has eight or fewer characters, it could be cracked in just 17 seconds, researchers found.
The breach highlights the importance of special characters, as most of the leaked passwords were either all lowercase or uppercase English letters with a few numerical digits.