Hackers just stole 10 billion unique passwords
You might want to sit down for this one. Hackers posted a file named RockYou2024[.]txt to a dark web forum on July 4. The file includes a mind-numbing 9,948,575,739 passwords.
Wondering if this attack puts you at risk? Yup, it does. The RockYou2024 leak is made up of passwords from both old and new data breaches.
Give ’em stuffin’ to talk about
Credential stuffing is no joke. This is when crooks take your leaked passwords and try to break into as many services, sites, accounts and apps as they can. They’re hoping you got lazy at least once and reused that password somewhere else.
Recent attacks on big names like Ticketmaster, Advance Auto Parts and Santander Bank were all the result of this technique. Any system that isn’t protected against brute-force attacks is at risk, and this goes beyond smartphones and computers. Even internet-connected cameras and industrial equipment are on the hackable list.
What are your next steps?
If you have time, visit Cybernews’ Leaked Password Checker to see if your passwords were exposed. HaveIBeenPwned is another option. Enter your email address into either one, and I’ll bet you’ll find yourself on the list.
Reset the passwords for every single account associated with those leaked passwords. Now, virtually shake my hand and promise me you won’t reuse your passwords — ever.
Your browser can help
Your browser’s password manager can alert you if your passwords have been involved in a breach. Here’s how to view or enable this feature in three popular browsers:
- Google Chrome: Password alerts are enabled by default. If you think you might’ve missed one, head to Google’s Password Manager and run a Password Checkup.
- Microsoft Edge: You’ll need to turn on Edge’s Password Monitor. To do this, go to Settings and more (the three-dot menu at the top right of your browser window) > Settings > Profiles > Passwords. Then, toggle on the switch for Show alerts when passwords are found in an online leak.
- Apple Safari: Password monitoring is on by default for browsers running on MacOS 14 or iOS 14 and later. To check for alerts on your iPhone or Mac, and to update any compromised passwords, go to Settings > Passwords > Security Recommendations > Change Password on Website.
Oh, and this is important to remember: Any random two-factor authentification (2FA) codes you receive via email or text that you didn’t ask for could mean someone is trying to access your accounts.
🔒 I’m willing to bet just about everyone you know is impacted by this latest password dump. Do your loved ones a favor and share these security tips.
Tags: Apple, Google Chrome, iPhone, Microsoft
Share:
