Hacker
x
Representational image: iStock

995 crore passwords leaked in ‘world’s largest’ data breach: Report

The file with the data, titled rockyou2024.txt, was posted on July 4


Nearly 995 crore passwords, in plain text format, have been leaked online by a hacker, who goes by the name ‘ObamaCare’, according to a media report.

A report on Cybernews said that researchers discovered what appears to be the largest password compilation with a staggering 9,948,575,739 unique plaintext passwords. The file with the data, titled rockyou2024.txt, was posted on July 4.

While the user registered in late May 2024, they have previously shared an employee database from the law firm Simmons & Simmons, a lead from an online casino AskGamblers, and student applications for Rowan College at Burlington County, it added.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers at Cybernews said.

“Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset,” they explained.

As per a report on Forbes, quoting security researchers, this the “world’s largest collection of stolen passwords” that have been uploaded to an infamous crime marketplace where cybercriminals trade such credentials”.

These unique passwords have been collected from numerous data breaches and hacks across many years, the report added.

In a statement to Forbes, Cybernews’s spokesperson said that the hacker provided “proof” of around 30 GB of combo lists from which the data was extracted.

The spokesperson said, “Our researchers have been in contact with the threat actor who published the file with the data and provided proof of around 30 GB of combo lists from which data was extracted. However, our research team did not investigate all of the datasets thoroughly.

“Nonetheless, researchers were able to map the values between the provided combo lists and a part of the RockYou dataset with a 100% match. Our aim is to inform the public about potential risks, not to pass the dataset to threat actors for use. Thus, we cannot confirm or deny your mentioned claims from other hackers/researchers.”

Read More
Next Story