Nearly 10 billion stolen passwords were leaked on a hacker forum

According to recent reports, nearly 10 billion stolen passwords were leaked onto a hacker forum. 9,948,575,739 unique, plaintext passwords were uploaded to the forum on July 4, 2024 with the file name rockyou2024.txt. It is believed that this compilation is building off of an earlier database of credentials, adding around 1.5 billion new passwords into the database.

 With so many passwords exposed, individuals or organizations that frequently reuse passwords may be at risk. Chris Bates, CISO at SandboxAQ, states, “Companies should assume all passwords are compromised and build the correct mitigating controls. Those include phishing resistant MFA, passwordless authentication, and behavior-based detection and response programs to detect malicious use.”

Some researchers question the value of the data added via rockyou2024.txt, asserting that much of the information may be useless to malicious actors. Nevertheless, individuals and organizations are encouraged to bolster their security measures now and in the future. 

“It’s imperative for organizations to implement and enforce stringent password policies, educate users about the risks of password reuse and put into action multifactor authentication widespread adoption,” says Dr. Marc Manzano, General Manager of Cybersecurity at SandboxAQ. “Additionally, enhancing overall IT systems security by deploying modern cryptography management platforms will be crucial in defending against large-scale threats leveraging stolen passwords.”