
Rockyou2024, almost 10 billion passwords published online: what happens and how to defend yourself

Researchers at Cybernews have discovered what appears to be the largest password collection of all time, organized in the file rockyou2024.txt, which contains 9,948,575,739 unique passwords made public on July 4th by a hacker-forum user going by the handle ObamaCare. The matter is serious and could constitute a threat to each of us. The best way to defend yourself from RockYou2024 is to change any password that may be in the collection right away, replacing it with a new, stronger one, and to turn on additional protections on your accounts, such as two-factor authentication.

RockYou2024 is the biggest password collection ever

According to researchers at Cybernews, RockYou2024 represents the largest password collection ever. The user who posted the collection on the hacker forum appears to have drawn from a "mix of old and new data breaches". The file rockyou2024.txt is in fact an "updated version" of rockyou2021.txt, the largest password compilation up to then, published in 2021 with 8.4 billion passwords. According to the experts' analysis, the attackers grew the dataset by scraping the web and managed to add another 1.5 billion passwords over the last three years, an increase of about 15%.

Regarding the incident, the researchers expressed concern about the potential effects that the data leak could have and stated:

In its essence, the leak of RockYou2024 is a collection of real passwords used by individuals all over the world. Revealing such a large number of passwords to threat actors significantly increases the risk of credential stuffing attacks (a type of cyber attack that exploits the fact that people use the same credentials to log into multiple accounts, Ed.). Threat actors could exploit RockYou2024's password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by people using the passwords included in the dataset. Furthermore, in combination with other databases leaked on hacker forums and marketplaces, which for example contain users' email addresses and other credentials, RockYou2024 may contribute to a cascade of data breaches, financial fraud and identity theft.

The post announcing the leak on a hacker forum. Credit: Cybernews.

How to Protect Yourself from Password Leak RockYou2024

Given the potential dangers of the RockYou2024 password leak, we suggest you raise the security level of your accounts by following the suggestions in the handbook below:

  1. Use strong passwords: Length is what matters most. A good password is long (a passphrase of several unrelated words, or at least 12 to 16 random characters) and may mix numbers, upper- and lowercase letters and symbols. Avoid common words or obvious sequences such as "password123" or "abc123", and never use known facts about you and your loved ones, including birth dates and anniversaries: these are exactly the patterns a wordlist like RockYou2024 is full of.
  2. Use different passwords for each account: If you use the same password everywhere and it leaks from a single site, criminals can replay it against all your other accounts; this is precisely what credential stuffing exploits. Using a different password for each account limits the damage of any one breach to that account.
  3. Change passwords that have been exposed: If a password may have appeared in a leak, or a service you use announces a breach, replace it immediately, along with any other account where you reused it. Note that scheduled rotation of a strong, unique password (for example every three months) is no longer recommended by NIST (SP 800-63B): it tends to produce predictable variations of the old password and does not protect against a leak that has already happened.
  4. Organize your account logins in a password manager: Instead of relying on the browser's built-in save-password feature, use a dedicated password manager, most of which can also generate long, random passwords for you, so that rules 1 and 2 cost you no effort.
  5. Enable two-factor authentication (2FA): This way, even if an attacker obtains one of your passwords, they will still need a second factor to log in, usually a temporary code from an authenticator app such as Google Authenticator, or a code sent by email or SMS. Prefer an authenticator app, a hardware security key or passkeys where the service offers them: SMS and email codes can be intercepted or phished more easily. Enabling 2FA adds a layer of protection that makes it much harder for criminals to break into your accounts.
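A concrete way to act on points 1 and 2 (and on the credential-stuffing risk described above) is to screen a candidate password against a breached-password list before accepting it, which NIST SP 800-63B recommends that services do. The Python below is an added example written for this page, not code from Cybernews or from the leak itself: it streams a leak file in the one-password-per-line format of rockyou*.txt into a set of SHA-1 hashes, then checks a password with a k-anonymity range query modelled on the one Have I Been Pwned's Pwned Passwords service uses (the client reveals only the first five hex characters of its hash). The leak contents, the function names and the 12-character minimum are assumptions made for the demo.

```python
import hashlib
from typing import Callable, Iterable

# Constructed sample in the one-password-per-line format of rockyou*.txt.
# These entries are made up for the demo; they are not from rockyou2024.txt.
SAMPLE_LEAK = """password123
abc123
qwerty
iloveyou
Summer2024!
letmein
"""


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the form breached-password lists use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def load_leak(lines: Iterable[str]) -> set[str]:
    """Stream a leak file line by line and keep only hashes, never the plaintexts.

    For a real file (rockyou2024.txt is ~10 billion lines) pass an open file
    object, e.g. open(path, encoding="utf-8", errors="replace"), so the file is
    never read into memory as a whole.
    """
    hashes: set[str] = set()
    for line in lines:
        pw = line.rstrip("\r\n")
        if pw:
            hashes.add(sha1_hex(pw))
    return hashes


def make_range_server(leaked_hashes: set[str]) -> Callable[[str], list[str]]:
    """Simulated server side of a k-anonymity range query.

    Given the first 5 hex characters of a SHA-1, return the 35-character
    suffixes of every leaked hash sharing that prefix. The server never
    learns which full hash the client cares about.
    """
    buckets: dict[str, list[str]] = {}
    for h in leaked_hashes:
        buckets.setdefault(h[:5], []).append(h[5:])

    def range_query(prefix: str) -> list[str]:
        if len(prefix) != 5:
            raise ValueError("prefix must be exactly 5 hex characters")
        return sorted(buckets.get(prefix.upper(), []))

    return range_query


def is_pwned(password: str, range_query: Callable[[str], list[str]]) -> bool:
    """Client side: send only the 5-char prefix and match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_query(prefix)


def password_problems(password: str, range_query: Callable[[str], list[str]],
                      min_length: int = 12) -> list[str]:
    """Return the reasons a candidate password should be rejected (empty = accept)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if is_pwned(password, range_query):
        problems.append("appears in a leaked-password list")
    return problems


if __name__ == "__main__":
    leaked = load_leak(SAMPLE_LEAK.splitlines(keepends=True))
    query = make_range_server(leaked)
    for candidate in ["password123", "Summer2024!", "correct horse battery staple"]:
        print(f"{candidate!r}: {password_problems(candidate, query) or 'OK'}")
```

Only hashes are kept in memory and only a five-character prefix ever leaves the client, so the same pattern works whether the leak list sits on the user's own machine or behind a lookup service.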