‘Obamacare’: Why and how this may be the biggest password leak ever – ET CISO
Security researchers from Cybernews have reportedly discovered the RockYou2024 database on BreachForums containing an astounding 9,948,575,739 unique passwords. It is claimed to be the biggest collection of stolen and leaked credentials ever seen on the BreachForums criminal underground forum, reports Forbes.
Hacker named ObamaCare behind the leak
The database, in a file titled rockyou2024.txt, was posted on July 4th by forum user ObamaCare. As per Forbes, the RockYou2024 compilation comprises an earlier credentials database known as RockYou 2021, which featured 8.4 million passwords in 2021. The new database adds approximately 1.5 billion new passwords to it, taking the count to a staggering 9,948,575,739. Reportedly, the database covers leaked passwords from 2021 to 2024. It has been estimated that the latest credentials file contains entries from a total of 4,000 huge databases of stolen credentials covering at least two decades, the Forbes report says.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers said.
Possible implications of the leak
Credential stuffing attacks are one of the most common methods employed by both criminal and state-sponsored hackers. With the latest data leak, the risk of credential stuffing attacks increases. For those unaware, in credential stuffing attacks hackers use stolen login credentials to gain unauthorized access to accounts. “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset,” the researchers explained.
Resetting passwords, enabling two-factor authentication and using a password manager are some of the preventive measures that protect against unauthorized account access.