"10 Billion Passwords Leaked on Hacking Forum"

According to security researchers at Cybernews, nearly 10 billion unique passwords have been leaked on a cybercrime forum, putting online users worldwide at risk of account compromise.  The researchers say they discovered the leak of 9.94 million plaintext passwords, described as the largest password compilation of all time.  It was posted on a popular hacking forum by a user named "ObamaCare" on July 4.  The researchers noted that this user, who only registered for the forum in late May 2024, has previously shared sensitive information accessed from breaches.  The file containing the passwords is titled "rockyou2024" and contains passwords from a mix of old and new data breaches.  The researchers noted that the attackers have essentially expanded a previous password compilation from 2021, titled RockYou2021, built from online data leaks.  The RockYou2021 file contained 8.4 billion passwords.  The new dataset expands this list with another 1.5 billion passwords added from 2021-2024, an increase of 15%.  The researchers believe the latest RockYou iteration contains information collected from over 4000 databases over more than two decades.  The researchers warned that the publicly available compilation puts affected users at risk of brute-force attacks, such as credential stuffing.

Infosecurity Magazine reports: "10 Billion Passwords Leaked on Hacking Forum"