A hacker exposed nearly 10 billion passwords in what’s been dubbed as possibly the largest such leak of all time.
The user “ObamaCare” posted the passwords in a file titled “RockYou2024” to an online hacking forum on July 4, according to the Cybernews, raising the concern that other hackers could use the data for cyber attacks. The massive dataset adds 1.5 billion new plain text passwords obtained from data leaks to a previous compilation posted in the same forum in 2021, similarly titled “RockYou2021.”
“[C]ombined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” Cybernews analysts said.
Cyber attacks are proliferating. Data breaches hit an all-time high in 2023, according to MIT professor Stuart Madnick. In fact, ransomware attacks were up 70% in the first nine months of last year compared to the same time frame in 2022, an MIT report said. Reliance on cloud software and increasingly sophisticated ransomware have added to the issue.
So has generative artificial intelligence. AI has made it easier for bad actors to create ransomware. At the same time, it’s being used to help companies create better defenses against such threats.
By the numbers
9.9 billion: Passwords contained in the leak RockYou2024, consisting of 15% newly exposed passwords
8.4 billion: Passwords exposed by the file RockYou2021
$215 billion: Projected global spending on cybersecurity in 2024, according to data from the research firm Gartner cited by MIT