
Check Your Accounts: 10 Billion Passwords Exposed in Largest Leak Ever

The 'RockYou2024' database includes almost 10 billion passwords pulled from 'a mix of old and new data breaches.' Here's how to check if yours are at risk.


UPDATE 7/16: No need to panic: The RockYou2024 database is mostly full of junk that's of little use to hackers, according to researchers (though it's always good to make sure you're not re-using passwords across multiple services).

Original Story:
Are you reusing your passwords across multiple sites? It's time to reconsider.

Researchers at Cybernews have uncovered a massive trove of nearly 10 billion passwords on a popular hacking forum in what they're calling the "largest password compilation" ever.

The file, titled rockyou2024.txt, was posted on July 4 by someone going by the name ObamaCare and contains a mind-boggling 9,948,575,739 unique plaintext passwords. The user only joined the forum in late May, but they've posted data from other breaches, too.



According to Cybernews, this RockYou2024 file is "a mix of old and new data breaches." So it's not necessarily a new breach that ensnared 10 billion passwords. But compiling all these passwords into one massive, searchable database "substantially heightens the risk of credential stuffing attacks," Cybernews says.

Credential stuffing is when someone takes passwords obtained from one data breach and uses them to try to log into unrelated services. For instance, someone might use a password obtained from the AT&T breach to see if you use the same password for your bank account.

This isn’t the first RockYou password drop, but it is the largest. In 2021, RockYou2021 included 8.4 billion plaintext passwords. Cybernews suspects the current version of the file is a compilation of passwords obtained over the past 20 years, including those original 8.4 billion, so there’s a good chance at least one of your passwords is in it.

Cybernews has a Leaked Password Checker where you can plug in your passwords to see if they've been exposed. If you spot one, or just think one of yours may be weak, change it immediately to a strong password. Then, double-check your other accounts to make sure you're not reusing any passwords across services, and enable multi-factor authentication if it's offered. A password manager can help you keep things organized.

About Emily Price