Hacker Leaks Collection of 10 Billion Passwords From Users Worldwide

A hacker under the user name ObamaCare posted on an underground hacker forum a compilation of 9,948,575,739 passwords in plaintext through a file titled “rockyou2024.txt” on July 4th.

The leak has been discovered by researchers at Cybernews, who consider this to be the largest password compilation leak in history. Cybernews researchers used their site’s Leaked Password Checker and confirmed that the document contains login details from users from all over the world collected from old and recent data breaches.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” said researchers from Cybernews. “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.”

It’s not the first time this hacker has revealed databases. According to the researchers, even though the account ObamaCare was created in May this year, the user had already shared sensitive information from Simmons & Simmons, AskGamblers, and Rowan College at Burlington County.

A similar collection was leaked three years ago, the RockYou2021 collection contained 8.4 billion passwords. The new database, RockYou2024, includes the previous leak data plus 1.5 billion passwords collected from the past three years. Hackers have been piling up information for years—another RockYou leak was reported in 2009— for these leaks.

Another massive data breach—from different hackers— including Snowflake’s clients like Santander and Ticketmaster was reported just a few weeks ago. However, these recent events should not be feared.

According to security experts interviewed by Forbes, even though RockYou2024 seems massive and is an unfortunate situation, users shouldn’t panic. Experts recommend people to update passwords, add a two-step verification system—multi-factor authentication is crucial to maintain personal and organizational safety—, and use password managers.