Hacker leaks nearly 10 billion passwords in biggest haul ever, says report

A hacker has leaked nearly 10 billion passwords in what is being described as the largest data breach of its kind, according to a recent report. This leak represents a staggering new entry in the growing list of compromised personal information and credentials circulating on the internet.

Earlier this year, approximately 12 terabytes of data were leaked online, including nearly 26 billion digital records stolen from major platforms such as LinkedIn, Twitter, Weibo, and Tencent. Now, Cyber News reports that a user known as ‘ObamaCare’ has released a dataset titled ‘RockYou2024’ on a popular hacking forum. This dataset contains an astonishing 9,948,575,739 unique passwords and was posted on the forum this Thursday.

This isn't the first time ‘ObamaCare’ has been involved in such high-profile leaks. Previous releases from this user include an employee database from the law firm Simmons & Simmons, leads from the online casino AskGamblers, and applications from Rowan College at New Jersey.

‘RockYou2024’ Dataset Compiled Over Many Years

The Cyber News researchers who examined the dataset noted that it was compiled over more than a decade. This dataset is the third installment in a series, following the ‘RockYou2021’ dataset, which contained around 8.4 billion stolen passwords. The newly released dataset adds approximately 1.5 billion more passwords to this already extensive collection. The 2021 dataset itself was built upon a previous dataset released in 2009, which included tens of millions of user passwords for social media accounts.

Potential Threats from Leaked Passwords

Leaked passwords from such datasets can pose severe risks, including credential stuffing and brute force attacks. Credential stuffing involves using stolen passwords from one account to access other accounts, exploiting the common practice of reusing passwords across multiple platforms. Brute force attacks involve systematically guessing passwords through trial and error until the correct one is found.

Researchers from Cyber News warn that the vast ‘RockYou2024’ database could be used to target a wide range of services, from online platforms to offline services, internet-facing cameras, and industrial hardware. When combined with other leaked databases containing user email addresses and additional credentials, this dataset could contribute to a cascade of data breaches, financial fraud, and identity thefts.