Report: Hacker Uploads 10 Billion Passwords to Dark Web Forum

Hacker Uploads 10 Billion Passwords Dark Web

In a significant cybersecurity breach, the world’s most extensive collection of stolen passwords has been uploaded to an infamous crime marketplace where cybercriminals trade such credentials.

The hacker, operating under the pseudonym ‘ObamaCare,’ has posted a database allegedly containing nearly 10 billion unique passwords, according to security researchers from Cybernews. This massive leak poses a substantial threat to online security worldwide.

The RockYou2024 Password Database

Security researchers have identified the RockYou2024 database as the most extensive collection of stolen and leaked credentials ever seen on the BreachForums criminal underground forum. 

Containing approximately 9,948,575,739 unique passwords, all in plaintext format, the RockYou2024 compilation includes entries from an earlier database known as RockYou2021.

The RockYou2021 database contained 8.4 billion passwords, to which about 1.5 billion new passwords have been added, covering 2021 through 2024. Researchers estimate that the latest credentials file contains entries from around 4,000 significant databases of stolen credentials spanning at least two decades.

Concerns About Data Integrity

Despite the vast volume of data in the RockYou2024 leak, some cybersecurity experts have raised concerns about the data’s integrity. Some researchers have suggested that much of the data might be useless to cybercriminals. 

Responding to these concerns, Cybernews stated that their researchers had verified around 30 GB of the data, finding a 100% match with part of the RockYou dataset. 

However, they did not thoroughly investigate all the datasets. Cybernews emphasised that their primary goal is to inform the public about potential risks rather than providing the dataset to threat actors.

Brute Force and Credential Stuffing Implications

Credential stuffing attacks remain among the most common and successful methods for gaining unauthorised access to services and systems. Cybernews researchers warn that attackers could exploit the RockYou2024 password compilation to conduct brute-force attacks. 

Such attacks could target various online accounts, internet-facing cameras, and even industrial hardware. Combined with other leaked databases containing email addresses and credentials, RockYou2024 could lead to data breaches, financial fraud, and identity thefts.

Expert Opinions on the Leak

Cybersecurity experts argue that the sheer size of the RockYou2024 database might limit its usefulness to cybercriminals. Daniel Card, a cybersecurity consultant, pointed out that once databases reach a specific size, adding more passwords does not significantly enhance threat actors’ capabilities. 

Ian Thornton-Trump, the chief security information officer at Cyjax, agreed, suggesting that the vast data size might render it next to useless. 

However, both experts stressed the importance of multi-factor authentication (MFA) in mitigating such risks. Thornton-Trump even suggested that regulation might be necessary to mandate MFA for all logins on software-as-a-service platforms.

Steps to Protect Yourself

Responding to this massive leak, cybersecurity experts advise individuals to reassess their attitudes towards login security. Jake Moore, the global cybersecurity advisor for ESET, emphasised the importance of using unique passwords for every account. 

Moore recommended using password managers to generate and store complex passwords securely. He also urged users to implement MFA wherever possible to add an extra layer of security. 

Additionally, Cybernews offers an exposed passwords checker tool, allowing users to verify if any of their passwords are included in the RockYou2024 database.

The RockYou2024 leak, containing nearly 10 billion unique passwords, represents a significant cybersecurity threat. While some experts question the data’s integrity, the potential for credential stuffing and brute-force attacks remains high. 

Cybersecurity experts recommend using unique passwords, employing password managers, and implementing multi-factor authentication to mitigate these risks. By taking these precautions, individuals can better protect themselves against the growing threat of data breaches and identity theft.

 

The information is taken from Forbes and First Post


Subscribe to Our Newsletter

Related Articles

Top Trending

Plastic-Free Grocery Swaps
8 Plastic-Free Grocery Shopping Swaps That Actually Work
Quality Assurance & Game Testing
Top 10 Gaming SMEs Specializing in Quality Assurance & Game Testing in India
On This Day July 9
On This Day July 9: History, Famous Birthdays, Deaths & Global Events
best newsletters SaaS founders
11 Best Newsletters SaaS Founders Should Read for Growth
local SEO tactics small business
10 Local SEO Tactics Small Business Owners Can Use to Rank Better Nearby

Fintech & Finance

ELSS SIP Calculator
ELSS SIP Calculator: Tax Saving + Wealth Building Explained
Tracking Small-Cap Stocks on Fintechzoom.com Russell 2000
Fintechzoom.com Russell 2000: The Complete Guide to Tracking Small-Cap Stocks in 2026
Organizational Bottlenecks and How to Address Them
10 Organizational Bottlenecks: Here’s How to Address Them
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Founder comparing the Best Accounting Tools for Founders on a startup finance dashboard
9 Best Accounting Tools for Founders to Keep Startup Finances Clean

Sustainability & Living

Plastic-Free Grocery Swaps
8 Plastic-Free Grocery Shopping Swaps That Actually Work
Sustainable Bathroom Swaps
11 Sustainable Bathroom Swaps for a Waste-Free Routine
Career Changes for Climate Impact
7 Career Changes for Climate Impact That Use the Skills You Already Have
Reducing Food Waste Home
Reducing Food Waste at Home: Smarter Meal Planning and Ingredient Storage
Reducing Fashion Waste
Reducing Fashion Waste: How to Fix, Clean, and Preserve Your Wardrobe

GAMING

Quality Assurance & Game Testing
Top 10 Gaming SMEs Specializing in Quality Assurance & Game Testing in India
$70 Game Deals
Why $70 Game Deals Are Mostly Never Worth It
why AAA games look the same
Why AAA Games Look the Same Even When They Cost More Than Ever
Foullrop85j.08.47h Gaming
Foullrop85j.08.47h Gaming: What It Really Is and Why You Should Be Skeptical
Live Service Killed Creativity
Live Service Killed Creativity, and the Industry Knows It

Business & Marketing

Best Founder Resources
23 Best Founder Resources: A Practical Guide for Early-Stage Startups
Best Free Courses Aspiring Founders
The 7 Best Free Courses Aspiring Founders Should Take Before Building
best templates founders
11 Best Templates Founders Need to Build Smarter
Enter a new country without legal entity
The Fastest Way to Enter a New Country Without Establishing a Legal Entity
Promotional talent live events
How Promotional Talent Helps Brands Make an Impact at Live Events

Technology & AI

best newsletters SaaS founders
11 Best Newsletters SaaS Founders Should Read for Growth
Best Local LLMs You Can Run On A Laptop
Best Local LLMs You Can Run On A Laptop: A Complete Hardware And Setup Guide
How To Reduce AI Hallucinations In Long Documents guide
How To Reduce AI Hallucinations In Long Documents: Proven Strategies Explained
best startup books founders
9 Best Startup Books for Founders Who Need Practical Advice
retention tactics bootstrapped
9 Retention Tactics for Bootstrapped SaaS Teams That Cannot Afford Churn

Fitness & Wellness

A Complete Guide on TheLifestyleEdge com
The Lifestyle Edge: Your Complete Guide to Wellness and Modern Living
Stretching Accessories That Make a Difference
7 Stretching Accessories That Make a Difference for Flexibility, Mobility, and Recovery
air quality wellness devices
13 Air Quality and Wellness Devices Worth Considering for a Healthier Home
habits reduce stress
7 Habits That Reduce Stress Long Term and Feel Calmer Daily
habits better focus
11 Habits for Better Focus That Actually Work