The largest password collection, with nearly ten billion unique passwords, has been posted on a popular hacking forum. Research group Cybernews believes that the leak poses a serious threat to users who tend to reuse passwords.
Cybernews researchers found that this is probably the largest collection of passwords, with a staggering 9,948,575,739 unique plaintext passwords. The data file, named rockyou2024.txt, was posted on July 4 by a user on the ObamaCare forum. Although the user registered in late May 2024, he previously shared a database of employees at the law firm Simmons & Simmons, contacts at the online casino AskGamblers, and student applications to Rowan College in Burlington County.
“Basically, the RockYou2024 leak is a collection of real passwords used by people around the world. The discovery of a large number of passwords from attackers significantly increases the risk of spoofing attacks,” the researchers said. The RockYou2024 compilation didn’t just fall from the sky. Three years ago, Cybernews published an article about the RockYou2021 password collection, the largest at that time, with 8.4 billion passwords in plain text. According to the team’s analysis of RockYou2024, the attackers created the dataset by combing the Internet for data leaks, adding another 1.5 billion passwords between 2021 and 2024 and growing the dataset by 15 percent.
Credential spoofing attacks can cause serious damage to users and businesses. For example, the recent spate of attacks targeting Santander, Ticketmaster, Advance Auto Parts, QuoteWizard and others was a direct result of credential spoofing attacks against Snowflake, the victims’ cloud service provider. “Aggressors can use the RockYou2024 password collection to conduct phishing attacks and gain unauthorized access to various online accounts that use the passwords included in the dataset.”