Pierluigi Paganini July 08, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum.

The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum.

The compilation (“rockyou2024.txt”) contains 9,948,575,739 unique plaintext passwords was posted on July 4th by a user with the handle “ObamaCare.”

The experts believe the collection contains data from “old and new data breaches.”

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” CyberNews researchers explained.

Threat actors rely on password compilations like the RockYou2024 to carry out credential stuffing attacks and compromise users’ accounts.

The RockYou2024 compilation is an expansion of the RockYou2021 collection that was discovered in 2021.

RockYou2021 had 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches. The compilation has been named ‘RockYou2021’ by the forum user, presumably in reference to the RockYou data breach that occurred in 2009, when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text. 

Cybernews reports that attackers increased the dataset by 15% from 2021 to 2024, adding 1.5 billion passwords from various internet data leaks. The latest compilation likely contains data from over 4,000 databases collected over more than two decades, originating from the 2009 RockYou data breach that included tens of millions of social media account passwords.

Cybernews announced it will add data from RockYou2024 in the Leaked Password Checker, allowing users to check if their credentials were exposed.

“With RockYou2024, we witnessed a second record-breaking compilation leaked online in 2024. Earlier this year, Cybernews discovered the Mother of all breaches (MOAB), comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records.” concludes CyberNews.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, data breach)