A text document containing at least 9.9 billion passwords was leaked onto a hacking forum last week on July 4th. This leak is regarded as the largest breach of all time, with the text document itself considered the largest repository of passwords stolen over the years.

Password Hacker Graphic, Photo Courtesy: INTERNXT

The text document, rockyou2024.txt, was uploaded to BreachForums by user “ObamaCare”, who is known for previously leaking the employee database of Simmons & Simmons, as well as student applications for Rowan College, located in Burlington County. In the post, ObamaCare said:

“I present you a new rockyou2024 password list with over 9.9 billion passwords! I updated rockyou21 with collected new data from recent leaked databases in various forums over this and last years…This contains actual new real passwords from users.”

The document containing the passwords is an updated list of another leaked password document called rockyou2021.txt, which originally contained nearly 8.5 billion passwords. The new “RockYou2024” text document contains nearly 1.5 billion new passwords, with data being taken from 4,000 different databases. The original “RockYou2021” leak is an expansion of another data breach that took place in 2009, which contained millions of user passwords for social media accounts, including the now-defunct social media website RockYou.

RockYou2024 Forum Post, Photo Courtesy: CyberNews

The leak was originally reported by CyberNews, whose research team states that; “…The RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential suffering attacks…threat actors could exploit the…password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset". 

The team also went on to say that the leaked passwords affect everything, from online to offline services, and even internet-facing cameras and industrial hardware.

Many tech experts are advising users to reset their passwords for their accounts, as well as to avoid reusing the same passwords on different platforms and services. Multi-factor authentication is also being recommended, which adds an extra layer of security to one's account beyond just a password. Password managers are also considered a useful tool when it comes to storing, as well as creating strong passwords for individual accounts.

If you or someone else are concerned about your password being included in any of these data breaches, you can use CyberNews’ official password checker, which checks to see if your password has been leaked at all online.