Hackers leak billions of passwords, raising cybersecurity concerns

| Updated: 10 July, 2024 7:50 pm IST

NEW DELHI: Almost 10 billion passwords have reportedly been posted on an online hacking forum, significantly increasing the risk of credential stuffing attacks, according to recent cybersecurity research.

The research was commenced by Cyber News, a global cyber security news and research platform. According to it, The world’s largest collection of stolen passwords has been uploaded to a notorious crime marketplace where cybercriminals trade such credentials. A hacker using the name ‘ObamaCare’ has posted a database allegedly containing almost 10 billion unique passwords, thought to have been collected from numerous data breaches over many years.

Credential stuffing involves hackers using one compromised password to gain access to multiple accounts, exploiting the common practice of reusing passwords across different platforms. This latest leak has intensified fears among cybersecurity experts.

These records are mainly stolen from major platforms like LinkedIn, Twitter, Weibo, and Tencent. The report further says that the latest dataset, named ‘rockyou2024,’ was posted on a popular hacking forum and includes 9,948,575,739 unique passwords.

‘ObamaCare’ the name that the person uses is not new to the job, previously the same name has been used to post stolen data online.

Cyber News also analysed the ‘rockyou2024’ dataset and revealed that it was compiled over more than a decade, incorporating both newly stolen and previously stolen passwords. This dataset is a successor to ‘RockYou2021,’ which contained around 8.4 billion passwords. The ‘RockYou2021’ dataset itself was built upon another dataset from 2009, which included tens of millions of passwords for social media accounts.

The massive scale of this leak poses significant threats to users’ security. Credential stuffing attacks allow cybercriminals to exploit stolen passwords to access other accounts, relying on the tendency of users to reuse passwords. Additionally, brute force attacks, which involve systematically guessing passwords and encryption keys, become more feasible with such extensive datasets.

Also Read Story

AAP accuses Delhi BJP MPs of demolishing slums, houses

Train derailment in UP’s Gonda leaves four dead, dozens injured

Two terrorists killed in Kupwara encounter

Two Army personnel injured in Doda encounter