Current:Home > Stocks10 billion passwords have been leaked on a hacker site. Are you at risk? -ProfitLogic
10 billion passwords have been leaked on a hacker site. Are you at risk?
View
Date:2025-04-14 14:04:15
In the latest cybersecurity scare, a file with nearly 10 billion passwords has been posted to a hacking site.
Researchers at Cybernews said they discovered the file, posted on July 4, with 9,948,575,739 unique plaintext passwords.
More:AT&T says nearly all of its cell customers' call and text records were exposed in massive breach
Cybernews experts said they believe this data dump, called RockYou2024, is the largest password leak of all time.
"The Cybernews team believes that attackers can utilize the ten-billion-strong RockYou2024 compilation to target any system that isn’t protected against brute-force attacks. This includes everything from online and offline services to internet-facing cameras and industrial hardware," the online publication said in a report.
What is the RockYou2024 leak?
The 10 billion passwords included in a file uploaded by a user named ObamaCare are not all new, Cybernews said.
Cybernews said its team "cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews’ Leaked Password Checker, which revealed that these passwords came from a mix of old and new data breaches."
The passwords on the document have likely been collected from more than 4,000 databases over the last 20 years, Cybernews said.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” Cybernews said.
Credential stuffing is when hackers take information, such as passwords, from one data leak and attempt to log onto other websites, which can be very damaging to businesses and consumers, Cybernews said.
The recent wave of hacks targeting several sites including Ticketmaster were the result of credential stuffing attacks, said Cybernews.
Three years ago, a leak of 8.4 billion passwords called RockYou2021 was posted on a hacker site. At the time it was the largest password leak.
Cybernews said its analysis determined that the 10 billion leaked passwords in the RockYou2024 document included 1.5 billion new passwords leaked from 2021 through 2024.
Leak is the latest to share information already available
The 10 billion passwords leaked are a series of data dumps from previous hacks and are not new, but it is stil a big deal to have that many passwords in one document posted on the Internet, Scott Augenbaum, a retired FBI agent, cybercrime prevention trainer and author of The Secret to Cybersecurity, told USA TODAY.
"The big moral of the story is this needs to be a wake up call that no matter what a great job you do keeping yourself safe, someone's going to lose your user name and password," Augenbaum said, referring to companies whose sites are hacked.
The danger is that many people use very common passwords or if they're using a more difficult password or passphrase, they use the same one for multiple accounts, said Augenbaum. When those passwords are compromised, hackers can get into multiple accounts, he said.
"The passwords are out there,'' he said. "That means the cybercriminals right now are banking on the fact that they're going to capture one of your passwords. Are you using that same password for multiple platforms?"
It's important to have a different password for each account, said Augenbaum.
"This has an impact because just think about how many of our parents have the same password for multiple platforms or even our kids," he said. "This will have a greater ripple effect across consumers than anyone could imagine."
Augenbaum is particularly worried about the senior population, which is more likely to use the same password and could be vulnerable to scammers.
Cybersecurity:Data breaches and ID theft are still hitting records. Here's how to protect yourself.
How do I protect myself?
Here are five steps Augenbaum suggests consumers take to protect themselves:
- Reset All Passwords: Immediately change passwords for all accounts associated with the leaked passwords. Ensure each password is strong and unique. A good password should be at least 12 characters long and include a mix of letters, numbers, and symbols. You can check Cybernews' leaked password check at https://cybernews.com/password-leak-check/. Augenbaum suggests starting by putting in the passwords for your "mission critical" accounts such as banking and personal finance, email and social media. If your password is among those leaked, change it on all sites where you use it. You can also use https://haveibeenpwned.com/ to put in your email address to find out if your information has been in any data breaches and change passwords there.
- Enable Two-Factor Authentication (2FA): Wherever possible, enable 2FA, which prompts you to verify yourself on a second device. This adds an extra layer of security by requiring an additional verification step beyond your password.
- Use a Password Manager: Utilize password manager software to securely generate and store complex passwords. This reduces the risk of password reuse across different accounts.
- Beware of Account Compromise: Always verify suspicious emails, even if they appear to come from someone you know. Check for signs of phishing and avoid clicking on unexpected links or attachments.
- Educate and Encourage Safe Practices: Encourage your friends and family to adopt these security measures and stay on guard for social engineering attempts. Cybercriminals often exploit the weakest link and unprotected accounts can lead to further breaches.
Betty Lin-Fisher is a consumer reporter for USA TODAY. Reach her at blinfisher@USATODAY.com or follow her on X, Facebook or Instagram @blinfisher. Sign up for our free The Daily Money newsletter, which will include consumer news on Fridays,here.
veryGood! (93876)
Related
- Travis Hunter, the 2
- A month after cyberattack, Chicago children’s hospital says some systems are back online
- Spanish tourist camping with her husband is gang raped in India; 3 arrested as police search for more suspects
- Nebraska’s Legislature and executive branches stake competing claims on state agency oversight
- New Zealand official reverses visa refusal for US conservative influencer Candace Owens
- Denver Broncos to cut QB Russell Wilson, incurring record cap hit after two tumultuous seasons
- Bitcoin prices near record high. Here's why.
- 16 and Pregnant Star Sean Garinger Dead at 20 After ATV Accident
- Dick Vitale announces he is cancer free: 'Santa Claus came early'
- EAGLEEYE COIN: Prospects for the Application of Blockchain Technology in the Field of Internet of Things
Ranking
- North Carolina justices rule for restaurants in COVID
- OMG! Nordstrom Rack’s Spring Sale Includes up to 70% off Kate Spade, Free People, Madewell, & More
- EAGLEEYE COIN: Cryptocurrency Exchanges - Hubs for Secure and Trustworthy Digital Assets
- Democrats make play for veteran and military support as Trump homes in on GOP nomination
- Residents worried after ceiling cracks appear following reroofing works at Jalan Tenaga HDB blocks
- A New EDF-Harvard Satellite Will Monitor Methane Emissions From Oil and Gas Production Worldwide
- Iditarod champion Dallas Seavey kills moose in self-defense after incident with dog team
- Sen. John Thune, McConnell's No. 2, teases bid for Senate GOP leader
Recommendation
Charges tied to China weigh on GM in Q4, but profit and revenue top expectations
The EU fines Apple nearly $2 billion for hindering music streaming competition
Donald Trump wins North Dakota caucuses, CBS News projects
Of the Subway bread choices, which is the healthiest? Ranking the different types
Trump suggestion that Egypt, Jordan absorb Palestinians from Gaza draws rejections, confusion
Kristin Cavallari, Mark Estes and the sexist relationship age gap discourse
Hurt by inflation, Americans yearn for pensions in retirement. One answer may be annuities
Mark Harmon's 'NCIS' standout Gibbs is recast with younger actor for 'Origins.' Who is it?