RockYou2024: Hacker leaks compilation of almost 10 billion passwords


July 08, 2024


If you think 2021 was a bad year for the security of internet users, think again.

Hackers have just leaked the most substantial compilation of stolen passwords to date, a jaw-dropping 9.9 billion to be exact, all in plain text.

What happened

According to researchers at Cybernews, on July 4, a hacker using the handle “ObamaCare” shared a file containing 9,948,575,739 unique plaintext passwords on a hacking forum.

The latest password dump looks like an updated version of the “RockYou2021” data leak collection that surfaced on the web in June 2021. At that time, the stolen password collection encompassed 8.4 billion unique passwords.

Cybercriminals have been busy expanding the database since 2021, adding 1.5 billion new and unique passwords to this cybercriminal gold mine.

“The team cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews’ Leaked Password Checker, which revealed that these passwords came from a mix of old and new data breaches,” Cybernews researchers explained.

Source: Cybernews

“Xmas came early this year. I present you a new rockyou2024 password list with over 9.9 billion passwords! I updated rockyou21 with collected new data from recent leaked databases in various forums over this and last years. Also cracked some old ones with my new 4090. This contains actual new real passwords from users,” the hacker’s post reads.

How can this massive password dump impact the security of users?

Passwords are the gatekeepers to your online accounts (social media platforms, banking or financial services, and everything in between).

Armed with a freshly curated list of passwords, cybercriminals can begin targeting billions of online accounts with brute-force attacks to take over accounts, steal money and conduct identity theft.

The risks increase sevenfold for users with poor password hygiene, especially those who use the same password for multiple online accounts.

Bitdefender’s 2024 Consumer Cybersecurity Assessment Report puts these risks into perspective, noting that “password management remains one of consumers’ weakest points, with 37% of netizens writing down their passwords, 18.7% using the same password for three or more accounts, and 15.8% using the same password for at least two accounts.”

Ultimately, this means cybercriminals can use one leaked password to attempt to compromise users’ digital well-being on multiple apps, websites, and platforms.

What should users do?

The security of our data is not always under our control. We trust companies, service providers, and platforms to keep our credentials safe. Given the unsettling state of data breaches, it all comes down to users’ proactive measures and vigilance to thwart cybercriminal attacks.

To start, you can:

  • Reset passwords for all accounts that use the same credentials (email and password).
  • Enable 2FA and MFA wherever possible to add an extra layer of security.
  • Use a password manager to generate secure, complex, and unique passwords for your accounts, hassle-free.

Bitdefender’s multi-platform password manager offers multiple benefits, including automatic password leak alerts to immediately notify you if your passwords and emails are exposed online.

We strongly encourage you to use a digital identity protection service to monitor your online identity and get real-time alerts about data breaches and leaks involving your online identity and information.

Bitdefender Digital Identity Protection is a comprehensive identity protection service that lets you:

- Immediately react to data breaches and privacy threats. Instant alerts let you take swift action to prevent damage, such as changing passwords via 1-click action items.

- Real-time monitoring. The service continuously scans the internet and dark web for your personal information. You will receive alerts whenever your data is involved in a data breach or leak.

- Peace of mind. The service immediately flags suspicious activity and actively monitors personal information for peace of mind.

- Get a 360° view of all your personal data. You can see your digital footprint, including traces from services you no longer use but that still have your data, and even send requests for data removal from service providers.




Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
