New Security Alert: 10 billion stolen passwords exposed in massive leak

Ozan Yalcin

The largest database of stolen passwords, containing nearly 10 billion unique records, has been leaked on a popular hacker forum. The Cybernews research group warns that this leak presents a significant threat to users who habitually reuse passwords.

What You Need To Know About The RockYou2024 Password Database

Cybernews security researchers have identified what they believe to be the largest aggregation of stolen and leaked credentials ever found on the BreachForums criminal underground forum. The RockYou2024 database reportedly includes an astounding 9,948,575,739 unique plaintext passwords. This compilation builds upon the previous RockYou2021 database, which contained 8.4 billion passwords, and incorporates around 1.5 billion new passwords. Spanning the years from 2021 to 2024, the latest credentials file is thought to contain data from a total of 4,000 massive databases of stolen credentials, covering at least two decades.

"The RockYou2024 leak essentially aggregates real-world passwords used by individuals globally," the researchers explained, adding that "exposing these passwords significantly increases the risk of credential stuffing attacks by threat actors."

Credential stuffing attacks can be highly detrimental to both users and businesses. For instance, a recent series of attacks targeted prominent companies such as Santander, Ticketmaster, Advance Auto Parts, and QuoteWizard. These attacks were a direct consequence of credential stuffing efforts against the victims’ cloud service provider, Snowflake.

How to Protect Against RockYou2024

While there is no foolproof method to completely safeguard users whose passwords have been exposed, affected individuals and organizations should adopt mitigation strategies. The Cybernews research team recommends the following measures:

  1. Reset All Compromised Passwords: Immediately change the passwords for all accounts linked to the leaked passwords. It is crucial to choose strong, unique passwords that are not reused across multiple platforms.
  2. Enable Multi-Factor Authentication (MFA): Wherever possible, activate MFA. This adds an extra layer of security by requiring additional verification beyond just a password.
  3. Use Password Managers: Employ password manager software to securely generate and store complex passwords. Password managers help reduce the risk of password reuse across different accounts.

Why use a business password manager?

A business password manager like TransferChain Pass can significantly enhance a company's security capabilities with ease and efficiency. TransferChain Pass offers a secure and convenient solution for employees to manage and retrieve passwords.

Moreover, the adoption of TransferChain Pass brings not only enhanced security but also boosts operational effectiveness. It allows teams to share access credentials swiftly and securely. Additionally, the Autofill feature, which utilizes machine learning, automates the completion of online forms and login fields.

In an era where cybercrime is prevalent and reports of data breaches are frequent, employing a business password manager is an essential and obvious choice for any company aiming to thrive.

How secure is TransferChain Pass?

TransferChain Pass provides the utmost security and privacy for password management.

Each password you save first undergoes client-side, end-to-end encryption. Next, your encrypted password is split on your device and divided across TransferChain’s distributed cloud architecture. Meanwhile, all metadata related to your transaction is authorized through the blockchain network.

Through TransferChain’s unique protocol, neither TransferChain nor any unauthorized third parties, be it potential bad actors or data centers, can access the user’s private and confidential data at any given time.
