2 min Security

Ten billion passwords dumped on hacker forum BreachForums

Ten billion passwords dumped on hacker forum BreachForums

Hackers recently posted a dump of nearly 10 billion passwords in plaintext on the hacker forum BreachForums. The file’s extreme size allows hackers to misuse commonly used passwords more easily.

The dump of nearly 10 billion passwords into the plaintext file ‘Rockyou2024.txt’ on BreachForums was reported by Cybernews last week. The poster responsible for this file, ObamaCare, referenced the name of this file to an earlier extremely large password dump, Rockyou2021, on the same hacker forum.

That earlier dataset also included a large file of 8.4 billion leaked passwords in plaintext. Rockyou2021 is itself another expansion of a 2009 dataset containing several tens of millions of leaked passwords.

Mix of old and new data

According to experts, the latest password dump combines old and new data. The existing Rockyou2021 dataset has been enriched with about 1.5 billion ‘new’ leaked passwords, increasing its size by 15 percent. The information reportedly came from 4,000 databases around the world.

Brute force attacks most logical

According to Cybernews, Rockyou2024 can be used to attack all systems that are not (adequately) protected against brute force attacks, especially by combining passwords with other hacking data or methods. This ranges from on- and offline services to Internet-connected cameras and OT systems.

Of course, users who use the same passwords for multiple services are especially at risk, especially if hackers focus on attack methods such as credential stuffing.

Experts recommend taking the necessary measures. Consider completely changing all passwords and avoiding using the same password for multiple services. Enabling two-factor authentication and using password managers to store and generate passwords are also important to arm systems and environments against possible breaches.

Also read: What is ‘credential stuffing’ and how do you defend against it?