In a leak that cybersecurity researchers are calling the largest of all time, almost 10 billion unique passwords have been posted to a hacking forum. Analysts at Cybernews warn that it increases the risk of "credential stuffing attacks," which have already targeted companies including Ticketmaster and Santander. The leak, known as RockYou2024, combines data from old breaches with 1.5 billion new, real-world credentials. It could enable "brute-force attacks," which use trial and error to rapidly test a large number of passwords and gain access to systems that aren't protected.
Editors’ Picks
-
Saanya Ojha
Partner at Bain Capital Ventures
RockYou2024 - sounds like a tribute concert for Queen - but is unfortunately the name of the largest data leak of all time which exposed 10 billion (!) unique passwords to a hacking forum on July 4th. Cue the fireworks. 🎇 While some are consolidated from old leaks, 1.5 billion of them are brand, spanking new. ✨ The more time you spend in cybersecurity, the more you realize that we all just live on a hope and a prayer. With this breach, we are likely headed for a new wave of data breaches, financial frauds, and identity thefts. As an enthusiastic cybersecurity investor but incorrigible password re-user, I consider it my moral duty to issue a quick PSA to (1) change your passwords, (2) set up multi-factor authentication, and (3) use a password manager. 🔑 Quick 1-2-3 for good digital hygiene that can save you a lot of pain. Now excuse me as I go update all my passwords from 123456!
-
Wendi Whitmore
Palo Alto Networks Unit 42 | DHS Cyber Safety Review Board Inaugural Member | Duke University Cybersecurity Advisory Board | World Economic Forum Global Future Council on Cybersecurity
10 billion passwords sounds like a lot… and it is a lot. But I’d like to offer some perspective from Palo Alto Networks Unit 42: This password list has been accumulating for over a decade. Yes, some of the data is real and current, but alarm bells shouldn't go off because of the sheer volume alone. It’s common for threat actors to post credentials to simply draw attention or sow fear, uncertainty and doubt.

News like this further highlights the importance of proactive mitigative practices such as:
- Strong password policies like the periodic rotation of credentials
- Mandated lockout after failed attempts
- Conditional remote access
- Detection practices that focus on how adversaries would use this data (e.g., anomalous failed logins) in password sprays, stuffing and other similar activity
- Multi-factor authentication
- Monitoring for leaked data about your organization
- Preparing to appropriately respond to leaked data with actions like quickly changing affected credentials, verifying potential malicious access and having a robust incident response plan in place should one occur

Always look at news like this with a level head and a security-first mindset.
#cybersecurity #passwords #cultureofsecurity https://lnkd.in/d5nBHJvJ
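An added example, not part of the post above: one way to implement the "anomalous failed logins" detection it lists, separating a source that fails once against many accounts (spray or stuffing) from repeated guessing against one account, and listing logins that succeeded in the same window for credential reset and access review. The log format, thresholds and all names are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: "timestamp source_ip username result" (not real log data).
SAMPLE_LOG = """\
2024-07-05T09:00:01 203.0.113.7 alice FAIL
2024-07-05T09:00:03 203.0.113.7 bob FAIL
2024-07-05T09:00:05 203.0.113.7 carol FAIL
2024-07-05T09:00:07 203.0.113.7 dave FAIL
2024-07-05T09:00:09 203.0.113.7 erin FAIL
2024-07-05T09:00:11 203.0.113.7 gina OK
2024-07-05T09:01:00 192.0.2.44 alice FAIL
2024-07-05T09:01:20 192.0.2.44 alice OK
2024-07-05T09:02:00 198.51.100.20 bob FAIL
2024-07-05T09:02:02 198.51.100.20 bob FAIL
2024-07-05T09:02:04 198.51.100.20 bob FAIL
2024-07-05T09:02:06 198.51.100.20 bob FAIL
2024-07-05T09:02:08 198.51.100.20 bob FAIL
"""
WINDOW = timedelta(minutes=10)  # assumed thresholds; tune to your own baseline
MIN_ACCOUNTS = 5                # distinct accounts failed from one source
MAX_PER_ACCOUNT = 2             # spray/stuffing tries each account once or twice
LOCKOUT_AFTER = 5               # failures on one account that should trigger lockout

def parse(log):
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(ts), ip, user, res) for ts, ip, user, res in rows)

def detect(events):
    """Map source IP -> pattern, failed-account count, and logins that succeeded."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        for i, (start, *_) in enumerate(evs):
            window = [e for e in evs[i:] if e[0] - start <= WINDOW]
            fails = Counter(u for _, _, u, r in window if r == "FAIL")
            worst = max(fails.values(), default=0)
            if len(fails) >= MIN_ACCOUNTS and worst <= MAX_PER_ACCOUNT:
                pattern = "spray_or_stuffing"
            elif worst >= LOCKOUT_AFTER:
                pattern = "single_account_guessing"
            else:
                continue
            # Successes inside the same window need credential reset and review.
            review = sorted({u for _, _, u, r in window if r == "OK"})
            findings[ip] = {"pattern": pattern, "accounts": len(fails), "review": review}
            break
    return findings
```

A single mistyped password followed by a success (192.0.2.44 in the sample) produces no finding, which keeps the rule from drowning analysts in ordinary typos.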
-
Lise Patton
Cybersecurity Trusted Advisor
Passwords are a key element of cyber security, but only if you follow leading practices to ensure you aren't breached:
- Use a complex password, a mix of upper and lower case letters & numbers, and symbols.
- The longer the password the better it is.
- Do NOT use the same password across multiple websites. You can use a password manager to help remember your passwords.
- Change passwords regularly, even if you aren't forced to.
- Whenever possible implement/use multi-factor authentication such as a text to your phone, or your fingerprint, or facial recognition.

These practices will help ensure you are not on the list! You can check if your password is included in the hacker's list in the below article.
#cybersecurity #hackers #passwords
Kristen W.
Cofounder & CEO @ Enzoic Cybersecurity | Block Compromised Credentials
From our perspective, much of the data appears redundant as it largely overlaps with the RockYou2021 dataset. While this figure from RockYou2024 may seem concerning initially, it primarily consolidates existing information already on the dark web and clear web. However, individuals should promptly change their passwords if they reuse them across different sites and enable MFA where available. Additionally, businesses and organizations need to conduct regular scans on employee and user accounts to detect compromised passwords.
-
Don Lupo
Digital Marketing, Agency Process and Profitability, Diversity Ally. Love all, serve all.
I cannot stress this enough: If you are not using a password manager such as Proton (with ProtonPass), LastPass, 1Password, or Bitwarden, it's a matter of time before you are hacked. Using a password manager that creates a unique password every time — which you do not have to remember — makes your online experience that much safer.

When a breach happens, it's easy to update your passwords.

And if you are still using the same password for everything... Wow. Good luck.
https://lnkd.in/gr-pmyEv
#security #onlinesafety #cybersecurity #passwords
-
💡 Jerod Brennen
Cybersecurity Career Coach 🧭 | vCISO & Executive Advisor 🛡️ | Empowering Organizations and Individuals to Flourish by Simplifying Cybersecurity 🤝
10... BILLION... passwords. rockyou2024.txt + John the Ripper or Hashcat + quantum computing... 🤯 If your organization hasn't already updated its password policies to align with National Institute of Standards and Technology (NIST)'s latest guidance (https://lnkd.in/gJK8_icU), and if you're not already exploring quantum resistant & post-quantum cryptography (https://lnkd.in/gWqPaYtS), you've got some catching up to do.
#Hacking #Cybersecurity #InformationSecurity
-
Rachel Clark
CEO @ SKADI Cyber Defense | Let's talk about how we can protect you with an affordable layered cybersecurity solution.
10 Billion compromised credentials are out there in one single data leak - outnumbering the world's population. A tempting feast for threat actors, with consumers and SMBs in their sights. Passwords, the current norm outside of early tech adopters, are losing their edge due to lax security practices. The need for complex, unique, and frequently changed passwords is evident now more than ever.

To stay secure, consider leveraging a reliable password manager. Several options are available to enhance password protection. Cybersecurity can’t just be a single layer exercise. Not anymore.

Password management firms, take heed! Enhancing password rotation features with a lens toward usability should top the priority list. Stay informed: [Link to the full article here] 👉
-
Kaushík Pał
Senior CTI Researcher
Another day, another overhyped leak. At least the name adds up, since it's nothing more than a wordlist to conduct brute-force.

Remember, if you have strong collection capabilities, events like "361M combolist leak" or "10 billion passwords leaked" will leave you wondering how you already have that information, as you are already ingesting most of what's out there. These are nothing but compilations of data extracted from old leaks and logs.