WEB DESK: Security researchers have issued a warning about one of the largest databases of leaked passwords to emerge online, as reported by Forbes. The database, known as “RockYou2024,” consists of a staggering 9,948,575,739 unique passwords stored in plain text. It surfaced on a forum popular among hackers towards the end of last week.
According to experts at CyberNews, this extensive collection of stolen passwords poses significant risks, potentially triggering a surge in data breaches, financial fraud, and identity theft, as reported by GB News. The database appears to be a compilation of both old and recent data breaches.
“The RockYou2024 leak contains a vast array of real-world passwords used globally, significantly escalating the threat of credential stuffing attacks,” researchers cautioned.
Credential stuffing involves using stolen login credentials from one platform to gain unauthorised access to others. Reusing the same login information across multiple accounts can leave individuals vulnerable to such cyber-attacks.
Read More: YouTube introduces AI eraser, to remove copyrighted music
The CyberNews team emphasised the potential misuse of the RockYou2024 password compilation for brute-force attacks, enabling threat actors to access various online accounts.
Notably, RockYou2024.txt follows a previous leak, RockYou2021.txt, which hackers shared online three years ago.
Protecting against credential stuffing
To safeguard against credential stuffing and other post-breach threats, CyberNews advises:
– Immediately reset passwords for all accounts using passwords from the database.
– Use unique alphanumeric passwords for each online account.
– Enable multi-factor authentication (MFA) to enhance account security.
– Employ a password manager to create and manage complex passwords securely.
– Utilise tools to check if your credentials have been compromised.
Researchers found that passwords with eight or fewer characters can be cracked in just 17 seconds, underscoring the importance of using special characters and robust password practices.
