Researchers have uncovered a file containing nearly 10 billion unique plaintext passwords that have been stolen over the last two decades through multiple security breaches. This file, believed to be the largest password cache ever found, was uploaded to an online criminal marketplace on July 4 by a hacker named ObamaCare. Cybersecurity researchers discovered it shortly after its upload.
The file, named ‘rockyou2024.txt,’ includes an earlier database called RockYou 2021, which contained around 8.4 million stolen passwords. Between 2021 and 2024, an additional 1.5 million passwords were added, raising the total to almost 10 billion. This vast collection of passwords poses significant risks to the security of online accounts and services.
The consequences of this password cache being available to hackers are severe. Hackers can use these passwords in brute-force attacks to gain unauthorized access to various online accounts, leading to data breaches, financial fraud, and identity theft. Offline services, including internet-facing cameras and industrial hardware, are also at risk from such attacks.
To protect themselves, users need to take immediate action if they suspect their passwords have been compromised. It is essential to change old passwords to new, strong ones, avoiding similarities with previous passwords.
Users should use a combination of numbers, letters, and symbols in their passwords, and ensure each account has a unique password. Utilizing password managers can help generate and store strong passwords securely.
Additionally, implementing multi-factor authentication (MFA) adds an extra layer of security to online accounts, making it harder for hackers to gain access even if they have the password.
Security experts recommend considering passwordless options like biometric logins where supported. Users must adopt better password habits and employ robust security measures to safeguard their online accounts.