
RockYou2024 10 Billion Password Leak: What We Know
July 9, 2024
A password leak that affected 10 billion accounts has been reported, and it is considered the largest data breach of its kind in history. The password leak, known as the RockYou2024 leak, first hit the internet on July 4, and cybersecurity experts say that this breach has created a problem for professionals all over the world. Let’s take a look at what else we know about this latest cyberattack.
RockYou2024 Password Leak: All The Details
Cybernews reports that on July 4, a recently registered user on a well-known hacking site uploaded a file containing about 10 billion compromised credentials in plaintext.
“Xmas came early this year,” posted user “ObamaCare” on the forum. “I present you a new rockyou2024 password list with over 9.9 billion passwords!”
Additionally, the forum user stated that they built the new list by updating an older list with more recent password leak data from the previous three years. To produce RockYou2024, 1.5 billion more passwords have been added to the previous compilation.
This massive list of hacked passwords, known as RockYou2024, is an essential tool for hackers to use in a brute-force attack. A brute-force attack is a common hacking technique in which the attacker uses trial and error to determine the user’s password. When conducting a brute-force attack, hackers use automated programs that let them attempt a large number of passwords in a short period of time.
A password leak this large gives hackers a nearly unlimited pool of passwords to try out.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” said the outlet’s researchers. “Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.”
The Latest Data Breach
The RockYou2024 password leak is just the latest of its kind. Back in April, Roku revealed that about 576,000 user accounts were hijacked, making it the company’s second security breach of the year.
In a blog post, Roku said that hackers used stolen login credentials to gain access to user accounts. Following a hack that affected 15,000 accounts earlier in the year, the breach was discovered during account monitoring. The hackers’ technique is called “credential stuffing,” in which they take advantage of compromised login and password information to access several accounts. This emphasizes how crucial it is to create distinct passwords for every online account, as advised by professionals.
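The two techniques described above leave different traces in login records, which is what account monitoring looks for. The following is an added example, not code from Roku or Cybernews; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded).
# Documentation-range IPs and made-up usernames, not real data.
SAMPLE_EVENTS = (
    [("203.0.113.10", u, False)
     for u in ("alice", "bob", "carol", "dave", "erin", "frank")]
    + [("203.0.113.10", "grace", True)]
    + [("198.51.100.7", "admin", False)] * 8
    + [("192.0.2.44", "heidi", False)] * 2
    + [("192.0.2.44", "heidi", True)]
)


def classify_sources(events, min_failures=5):
    """Label each source IP by the shape of its failed logins.

    Assumes the events all fall in one monitoring window; a production
    system would bucket them by time before calling this.
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> count
    for ip, user, ok in events:
        if not ok:
            failures[ip][user] += 1

    verdicts = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < min_failures:
            continue  # a few failures look like ordinary typos
        distinct = len(per_user)
        if distinct >= min_failures and total / distinct <= 2:
            # Many accounts, one or two tries each: leaked pairs replayed.
            verdicts[ip] = "credential_stuffing"
        elif max(per_user.values()) >= min_failures:
            # Many tries against one account: password-list brute force.
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "suspicious"
    return verdicts


def accounts_to_reset(events, verdicts):
    """Accounts that logged in successfully from a flagged source."""
    return {user for ip, user, ok in events if ok and ip in verdicts}
```

Accounts returned by `accounts_to_reset` are the ones where a replayed credential actually worked, so they are the candidates for a forced password reset.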
Roku explained that its systems were not directly breached, stating that the credentials were probably taken via another platform’s data leak.
Although the hackers were able to get access to over 400 accounts in order to acquire Roku devices and streaming services, Roku assured its customers that their sensitive financial information was safe.
Roku reset user passwords automatically as a precaution and said at the time that it intended to contact impacted users directly. The company also announced that it would implement two-factor authentication for all accounts in reaction to the security issue. Users will need to validate their logins on a backup device as part of this extra security measure.
“We sincerely regret that these incidents occurred and any disruption they may have caused. Your account security is a top priority, and we are committed to protecting your Roku account,” the company said in a statement. Nevertheless, Roku’s stock dropped by about 3% as a result of the disclosure.
For customers who are serious about improving the security of their accounts, Roku suggested creating unique passwords using a combination of letters, symbols, and numbers. Users should also be on the lookout for phishing emails, internet scams, and shady requests for financial or login credentials.
