Tech
10 billion passwords exposed in largest leak ever: Report
The compilation of leaked passwords, RockYou2024, was shared by a user named ‘ObamaCare’ on a popular hacking forum
A hacker has leaked nearly 10 billion passwords in the biggest haul of all times, researchers at Cybernews reported.
The compilation of leaked passwords, RockYou2024, was shared by a user named ‘ObamaCare’ on a popular hacking forum on Thursday.
This is not the first time that ‘ObamaCare’ has posted stolen data on the internet. Previously, the report said the user has shared an employee database from the law firm Simmons & Simmons, a lead from online casino AskGamblers, and applications for Rowan College at New Jersey.
The researchers at Cybernews, who studied the dataset, said it was compiled for more than 10 years and the released dataset is the third such dataset.
The ‘RockYou2024’ dataset is the compilation of several newly-stolen passwords and many previously stolen, researchers said in the report.
In 2021, a dataset named ‘RockYou2021’ was released that had around 8.4 billion stolen passwords. The latest dataset added around 1.5 billion more passwords to this database.
In turn, the dataset uploaded in 2021 was built upon another dataset released in 2009 that had “tens of millions user passwords for social media accounts”, according to the report.
How can such leaks harm you?
Passwords leaked in such datasets can be used to mount credential stuffing attacks and brute force attacks.
Credential stuffing attacks refer to the criminals’ practice of using passwords stolen from one device or account to gain access to another device or account. The premise is that users often use a common password across different accounts and devices, so criminals rely on such passwords to access other or all of the users’ accounts.
A brute force attack refers to criminals employing a trial-and-error approach to systematically guess sign-in information, passwords, and encryption keys.
Cybernews researchers said the 10-billion-strong database can be used to target everything from online to offline services to internet-facing cameras and industrial hardware.
“Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” said the researchers.
20/7/2024 Horse Racing Tips and Best Bets – Rosehill, Winter Challenge day
 "BCCI want Test specialists to play domestic cricket; Rohit, Virat, Bumrah to be exceptions")
BCCI want Test specialists to play domestic cricket; Rohit, Virat, Bumrah to be exceptions
HORSE RACING DAY 5: Andrew Champagne’s picks, analysis, bankroll
HORSE RACING DAY 5: Andrew Champagne’s picks, analysis, bankroll
600 Jobs, 25,000 Seekers: Air India Drive Sets Off Stampede Fear In Mumbai
More Trips, Higher Prices: Business Travel Spending May Finally Top 2019 Levels
Let’s take this offline: why indie fashion boutiques are back in fashion
Blue Jays balance college-heavy Draft with a few high-upside picks
Get to Know Gopher Men’s Basketball’s Frank Mitchell – University of Minnesota Athletics
