The “RockYou2024” data leak has exposed nearly 10 billion unique plaintext passwords. This breach, discovered by researchers and shared on a popular hacking forum, represents a dramatic increase in the threat of credential-stuffing attacks. The dataset, posted by a user known as “ObamaCare,” combines data from various breaches over the past two decades, with the addition of 1.5 billion passwords since a similar RockYou2021 compilation.
The exposed passwords pose significant risks, especially for users who reuse passwords across multiple accounts. Such large-scale leaks enable cybercriminals to perform brute-force attacks and credential stuffing, where they use the leaked passwords to gain unauthorised access to accounts.
Dr. Marc Manzano, general manager of cybersecurity at SandboxAQ, said, “It’s imperative for organisations to implement and enforce stringent password policies, educate users about the risks of password reuse, and put in action multi-factor authentication widespread adoption. Additionally, enhancing overall IT systems security by deploying modern cryptography management platforms will be crucial in defending against large-scale threats leveraging stolen passwords.”
While his colleague Chris Bates, chief information security officer (CISO), added, “Companies should assume all ..
Support the originator by clicking the read the rest link below.
