Security Researchers Find the Biggest Stolen Password Database With 10 Billion Passwords
- Security researchers discovered a file called 'rockyou2024.txt' that contained 9,948,575,739 stolen passwords on a criminal marketplace.
- The file was uploaded by a hacker named ObamaCare on July 4. The contents of the file were stolen through multiple data breaches over a period of at least two decades.
- Users are advised to be cautious in the coming days. Update your old passwords, turn on multi-factor authentication, and make sure every account has its own unique password.
Researchers have discovered a file that contains 9,948,575,739 (almost 10 billion) unique plaintext passwords that were stolen over the years (at least two decades) through multiple security breaches. It is believed to be the biggest password cache ever uncovered.
On July 4, a file named 'rockyou2024.txt' was uploaded to an online criminal marketplace by a hacker who goes by the name ObamaCare. That's where it was first discovered by the cybersecurity researchers.
It was found that the file includes an earlier database named RockYou 2021, which comprised about 8.4 million stolen passwords. This would mean that an additional 1.5 million passwords were added to it between 2021 and 2024.
What Could Be the Consequences?
Needless to say, a file containing this many passwords is the dream of any hacker and hence a nightmare for all the users whose credentials have been compromised.
It can be used in brute-force attacks where the hackers will gain unauthorized access to various online accounts of the affected users. Data breaches, financial frauds, and identity thefts will become all too common.
A brute-force attack is a type of hacking method in which hackers keep stuffing passwords on a trial-and-error basis until they finally find the right match.
It's not just online accounts; offline services are equally at risk, including internet-facing cameras and industrial hardware.
What Can the Users Do Now?
The only thing you can do if you believe your password has been stolen is protect all your accounts.
- We recommend changing old passwords to something new and strong. Make sure it's not similar to your old password.
- Ensure you use a combination of numbers, letters, and symbols in your passwords. Longer passwords with a good mix of these elements can take years to crack. For instance, a 12-character password with just lowercase and uppercase characters can take 300 years to get into.
- Also, make sure you are using unique passwords for every single account. This way even if one of your accounts is compromised, the others will remain safe.
You can also use password checkers to gauge the strength of your current password or simply use one of the best password managers around, which will suggest strong unbreakable passwords and also remember them for you. These managers also encrypt your passwords, making it difficult for hackers to read them even if servers are breached.
It's also a good time to use multi-factor authentication. Add extra layers of protection to your accounts so that one single compromised password can't give them away.
Security experts even advocate making two-factor authentication mandatory through regulation across platforms.
Another alternative is going passwordless. If supported, you can turn on biometric login (Face ID or fingerprint) for your devices, which will do away with the need for traditional passwords.
All in all, it is high time you became more careful about your password habits and secured your online accounts.
The post Security Researchers Find the Biggest Stolen Password Database With 10 Billion Passwords appeared first on The Tech Report.