{"id":24828,"date":"2024-07-08T03:10:05","date_gmt":"2024-07-08T11:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/07\/08\/news-18558\/"},"modified":"2024-07-08T03:10:05","modified_gmt":"2024-07-08T11:10:05","slug":"news-18558","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/07\/08\/news-18558\/","title":{"rendered":"&#8216;RockYou2024&#8217;: Nearly 10 billion passwords leaked online"},"content":{"rendered":"\n<p>On a popular hacking forum, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches.<\/p>\n<p>The list is referred to as RockYou2024 because of its filename, rockyou.txt.<\/p>\n<p>To cybercriminals the list has some value because it contains real-world passwords. This means if an attacker tried this list of passwords to try to break into an account (known as a brute force attack) they&#8217;d be more likely to get in than just trying a list of any old letters and words. However, it&#8217;s highly unlikely that there are any services or websites that would allow anyone to try such an enormous number of passwords, so it&#8217;s really only useful to attackers who have stolen a password database and are trying to crack its passwords offline, on their own computer.<\/p>\n<p>Another possible use for cybercriminals is to combine the list with data from other breaches, such as combinations of usernames and passwords, which could get results if the password has been reused. If the cybercriminals also have a list that contains hashed passwords, they could even try to match the hash values of the passwords.<\/p>\n<p>Having the actual password makes an attack a lot easier than when you\u2019re trying a pass-the-hash attack, where an attacker tries to authenticate to a remote server or service by using the hash of a user\u2019s password. 
However, this only works on services that are vulnerable to pass-the-hash attacks, instead of requiring the associated plaintext password as is normally the case.<\/p>\n<p>To cut a long story short, if you don\u2019t reuse passwords and never use \u201csimple\u201d passwords, like single words, then this release should not concern you. If you use multi-factor authentication (MFA), and you should everywhere you can, there&#8217;s also no reason to worry about this.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-check-your-digital-footprint\">Check your digital footprint<\/h2>\n<p>Malwarebytes has a free tool for you to find out how much of your personal data has been exposed online. Submit your email address (it\u2019s best to give the one you most frequently use) to our free Digital Footprint scan and we\u2019ll give you a report and recommendations.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don&#8217;t just report on threats &#8211; we help safeguard your entire digital identity<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. 
Protect your\u2014and your family&#8217;s\u2014personal information by using <a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">identity protection<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/07\/rockyou2024-nearly-10-billion-passwords-leaked-online\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> A list, known as RockYou2024, of almost 10 billion passwords has been released on a hacking forum. What are the dangers? <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10600,32,31619,31620,20665,5897],"class_list":["post-24828","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-mfa","tag-news","tag-pass-the-hash","tag-password-library","tag-password-reuse","tag-privacy"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24828"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24828\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24828"},{"tax
onomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}