Experts say that passwords cannot guarantee 100% Internet security, but they are still a key pillar of most people’s digital protection. That’s why the recent posting of a database containing nearly 10 billion passwords has caused alarm in security circles. Here are some tips for determining if your password is one of them and how to strengthen your defenses.
Last week, a user with the handle “ObamaCare” posted what cybersecurity experts believe is the largest set of passwords ever posted to a hacking forum. The file, titled rockyou2024.txt, contains 9,948,575,739 unique plaintext passwords. ObamaCare has a history of data leaks, including employee databases from law firm Simmons & Simmons, lead data from online casino AskGamblers, and student applications to Rowan University in Burlington County.
“Christmas came early this year,” ObamaCare wrote on the forum. “I present to you the new rockyou2024 password list with over 9.9 billion passwords!”
Cybernews determined that these passwords came from a mix of old and new data breaches, and that the list builds on the previous “RockYou2021” compilation of 8.4 billion passwords.
According to Verizon’s 2021 Data Breach Investigations Report, 61% of breaches stemmed from leveraged credentials. Google Cloud’s 2023 Threat Horizons report puts that percentage even higher, finding that 86% of breaches involved stolen passwords. Both online and offline services, as well as Internet-connected cameras and industrial hardware, are at risk. Worse yet, RockYou2024 could facilitate a wave of data breaches, financial fraud, and identity theft when combined with other leaked databases containing email addresses and credentials.
Cybernews has an online tool to help users check for leaked passwords. The Leaked Password Checker allows people to enter their password to see if it appears in any leaked documents, including RockYou2024. Additionally, Have I Been Pwned has a similar lookup tool to check if your email address or password was part of a data breach.
If your password is exposed, change it immediately and create a separate password for each account. Other security tips include enabling multi-factor authentication, which requires additional verification beyond the password, and using a password manager. Password managers can generate and store complex passwords for you, reducing the risk of password reuse.