A hacker just leaked 10 billion passwords
A new treasure trove of leaked passwords, charmingly named "RockYou2024," has popped up on a forum. Here's your action plan.
Boris Weber
Turns out, hacking into an account does not always require some wizard-level skills. Sometimes, it's as easy as grabbing leaked info and splattering it all over the internet. That's why dumping massive password collections is so dangerous – cue the alarm bells over nearly 10 billion passwords being released.
RockYou2024, which showed up on a forum on July 4, contains a whopping 9.94 billion leaked passwords. This mega collection includes entries from the old RockYou2021 stash, plus data from recent breaches and leaks, and even some cracked by the poster.
You can dive into the nitty-gritty details of RockYou2024 in the corresponding Cybernews report, but here’s the TL;DR: Secure your accounts immediately.
If you have not checked and updated your passwords for compromised accounts already or if you are guilty of reusing passwords, you are basically putting out a welcome mat for credential stuffing. This means some bored hacker can find your leaked credentials online and start testing them on various accounts. Fun times.
To better protect yourself, you should take these steps now:
Use a unique, random, and strong password for each account. Strings of characters that aren't easy to guess are best - not logical phrases or proper nouns!
Get a recommended password manager now. Good passwords are hard to remember, especially if you have a lot of them. A password manager can help you keep track of your entire collection and make it easier to enter longer, complex passwords into login forms. Dedicated password managers are more flexible and have more features, but those included with an antivirus suite or the built-in password managers from Apple, Google, and Microsoft are also useful.
Set up two-factor authentication for your accounts, if available. This gives you another layer of protection to thwart credential-stuffing attacks. Since they can't pass this second security check, hackers can't log in as you. Today, one-time passcodes generated by an app offer the best balance of simplicity and security, but you can also use hardware dongles as a stronger option.
Switch to passkeys. Two-factor authentication improves password security, but it's not foolproof, as some 2FA methods are vulnerable to phishing attacks. You can get around this problem by using passkeys to log into an account instead. By design, they're inherently unique, don't require you to remember any information, and can't be forged. If a hacker steals a website's login credentials, that data can't be used to get into that or any other website.
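An added example, not part of the original article: a small audit that flags which accounts in a password list are exposed to the credential stuffing described above, either because the password appears in a leaked wordlist or because it is reused, and suggests a random replacement. The wordlist, the vault entries and all function names are constructed for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed stand-in for a leaked wordlist; a real one is a large text file.
LEAKED_SAMPLE = ["123456", "password", "iloveyou", "qwerty123"]
# Constructed vault export (account -> password); all names and values are made up.
SAMPLE_VAULT = {
    "mail.example": "iloveyou",
    "shop.example": "iloveyou",
    "forum.example": "Summer2019",
    "news.example": "Summer2019",
    "bank.example": "T7#kq-Zp2!vR9mWx",
}

def fingerprint(password):
    # Compare digests so the lookup structures never hold plaintext passwords.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def load_leaked_hashes(lines):
    return {fingerprint(line.rstrip("\r\n")) for line in lines if line.strip()}

def new_password(length=20):
    """Random password drawn from the OS CSPRNG, not a phrase or a name."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(vault, leaked_hashes):
    """Return {account: [findings]} for accounts exposed to credential stuffing."""
    by_hash = defaultdict(list)
    for account, password in vault.items():
        by_hash[fingerprint(password)].append(account)
    findings = {}
    for digest, accounts in by_hash.items():
        for account in accounts:
            issues = []
            if digest in leaked_hashes:
                issues.append("leaked")
            if len(accounts) > 1:
                others = sorted(a for a in accounts if a != account)
                issues.append("reused with " + ", ".join(others))
            if issues:
                findings[account] = issues
    return findings

if __name__ == "__main__":
    leaked = load_leaked_hashes(LEAKED_SAMPLE)
    for account, issues in sorted(audit(SAMPLE_VAULT, leaked).items()):
        print(f"{account}: {'; '.join(issues)} -> e.g. {new_password()}")
```

A reused password is flagged even when it is not in the wordlist, because one future breach of either site exposes both accounts.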
About Author
Boris Weber
I am an editor at UpdateStar. I started as a support engineer, and am now specialized in writing about general software topics from a usability and performance angle among others. I telecommute from UpdateStar’s Berlin office, when I am not working remote as a digital nomad for UpdateStar.