
The RockYou2024 Password Leak - and Why Your Password is Probably On It

September 10, 2024 | Cybersecurity | by Chase Richards

For about a month now, a large online hacker community has had access to a text file containing several of your passwords, especially some of the older ones.

What they don't necessarily have is any usernames, email addresses or other personal information to connect those passwords to your accounts. Yet.

What is the RockYou2024 Password Leak?

On July 4th, a user on a hacking forum who called himself 'ObamaCare' posted a list containing 9.9 Billion (with a 'B') passwords. Just the passwords, mind you, but an enormous list of them collected from some of the most popular online services on the web.

Ok, technically... only about 1.5 Billion of them are new. The leak is an update to the RockYou2021 password leak, which contained 8.4 Billion entries and was leaked in 2021. User 'ObamaCare' claims that they updated this list with several others that had been leaked since, as well as some passwords they had collected themselves.

What Can They Do With It?

While the list contains only passwords dumped into a big text file, you can bet that if you use the same password on several popular sites it'll probably be on there. From there, getting into your accounts on places like Facebook, Gmail, iCloud, etc. is simply a matter of finding your username and brute-force trying the list of passwords until yours comes up.

While it isn't as straightforward as that for sites like Facebook, which have measures in place to prevent brute-forcing, the same isn't true of smaller online services which don't always have as tight security.
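To show what a "measure to prevent brute-forcing" looks like on the service side, here is an added example (not part of the original post) of a per-username lockout, replayed against a constructed stream of guesses. The class and function names, the thresholds and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Per-username lockout: too many failures in a sliding window blocks further tries."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)  # username -> times of recent failures
        self._locked_until = {}              # username -> time the lockout ends

    def allowed(self, user, now):
        """True if an attempt for this username may be evaluated at time `now`."""
        return now >= self._locked_until.get(user, 0)

    def record(self, user, success, now):
        """Record the outcome of an evaluated attempt and update lockout state."""
        if success:
            self._failures.pop(user, None)
            return
        q = self._failures[user]
        q.append(now)
        while q and q[0] <= now - self.window_s:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[user] = now + self.lockout_s
            q.clear()

def replay(events, throttle, check_password):
    """Feed (time, user, password) attempts through the throttle.
    Returns (attempts actually evaluated, whether any attempt succeeded)."""
    evaluated, succeeded = 0, False
    for now, user, password in events:
        if not throttle.allowed(user, now):
            continue  # rejected before the password is even compared
        evaluated += 1
        ok = check_password(user, password)
        throttle.record(user, ok, now)
        succeeded = succeeded or ok
    return evaluated, succeeded

# Constructed sample: one guess per second against "alice", whose real
# password is the 40th entry of the list being tried.
GUESSES = [f"guess{i}" for i in range(100)]
EVENTS = [(t, "alice", pw) for t, pw in enumerate(GUESSES)]
REAL = {"alice": "guess39"}

def check(user, pw):
    return REAL.get(user) == pw
```

A lockout keyed only on the username does nothing when one password is tried across many usernames, and it lets anyone lock a user out on purpose, so real services pair it with per-source limits and 2-factor authentication.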

What Should You Do?

  1. Enable 2-factor authentication on any important service you use that contains your personal information.
  2. Change your password every time you log in to anything for the next few weeks.

This applies to everyone. And that means everyone. There's very little chance one of your passwords isn't on that list, so it just makes sense.

If you use a password manager like LastPass this makes it easier to do them all in one go. If your passwords are stored in your browser, it's a good idea to go through anything you've used in the last year or so and change them.

Yes, it'll take some time and it's a hassle. But not nearly as much of a hassle as recovering a compromised Gmail account. Stay safe out there!
