Why the 10 Billion Leaked Passwords Could Compromise Your Accounts

Why the 10 Billion Leaked Passwords Could Compromise Your Accounts

There’s a good chance your passwords are part of a new password dump that was recently posted to a hacking forum – and we can assume it’s already in the hands of hackers and scammers. Called RockYou2024, this collection of passwords isn’t from a new leak or data breach but a compilation of nearly 10 billion passwords from previous leaks. It’s an update to a previous password compilation called RockYou2021, which contained 8.4 billion passwords. It demonstrates the scale of password theft: hackers have added around 1.5 billion compromised passwords to the list over the past three years.

Conceptual drawing showing a hacker with code in the background.

The sheer number of passwords available in RockYou2024 means it’s incredibly likely that some of your passwords are compromised. And even though these passwords aren’t accompanied by usernames, email addresses, or other information, that doesn’t mean they aren’t dangerous.

Hackers can use this list of passwords in credential stuffing attacks, trying to log on to websites by entering passwords on the list until one works. By combining these passwords with information about other breaches, which might contain account names and email addresses, hackers may be able to match passwords to users and, from there, start attempting to log on to your accounts.

Read more: Kaspersky Password Study Reveals 59% Are Crackable Within an Hour

So, how can you protect yourself from data leaks like RockYou2024? The best defense against credential stuffing attacks is using different passwords for every account you have and setting up two-factor authentication for every service that supports it. While unique passwords can be a big ask – particularly if you have hundreds of internet accounts you’ve already set up with the same or similar passwords – it’s essential for your online security.

Another option is to use passkeys. However, these don’t have broad support yet, and you may only be able to use them on a few sites that you regularly use. (Amazon, Apple, Google, and Microsoft all let you use passkeys instead of passwords.)

Read more: Passkeys: Use This Secure and Convenient Alternative to Passwords Now

With RockYou2024 sharing your old passwords, now is the time to go through all your accounts and update them to something new, using a password manager to help generate good, random passwords (and keep track of them). You’ll even find a password manager already built into your browser or OS for easy use: Apple and Google both offer convenient password managers.

Read our stories “New iCloud Passwords App Makes Login Sharing with Windows Far Easier” and “Everything You Need to Get Started with Google Password Manager” to get started.

[Image credit: hacker concept generated by Midjourney]

Elizabeth Harper is a writer and editor with more than a decade of experience covering consumer technology and entertainment. In addition to writing for Techlicious, she’s Editorial Director of Blizzard Watch and is published on sites all over the web, including Time, CBS, Engadget, and DealNews.

Source link


Leave a Reply

Your email address will not be published. Required fields are marked *