10 Billion Passwords Leaked On Hacker Site: USA Today

In the latest cybersecurity scare, a file with nearly 10 billion passwords has been posted to a hacking site. Researchers at Cybernews said they discovered the file, posted on July 4, with 9,948,575,739 unique plaintext passwords, Betty Lin-Fisher reported for USA Today.

The passwords on the document have likely been collected from more than 4,000 databases over the last 20 years,

Cybernews experts said they believe this data dump, called RockYou2024, is the largest password leak of all time.

"The Cybernews team believes that attackers can utilize the 10-billion-strong RockYou2024 compilation to target any system that isn’t protected against brute-force attacks. This includes everything from online and offline services to internet-facing cameras and industrial hardware," the online publication said in a report.

The 10 billion passwords included in a file uploaded by a user named ObamaCare are not all new, Cybernews said.

Cybernews said its team "cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews’ Leaked Password Checker, which revealed that these passwords came from a mix of old and new data breaches."

The passwords on the document have likely been collected from more than 4,000 databases over the last 20 years,

"In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” Cybernews said.