Nearly 10 billion passwords stolen by hackers — how to protect yourself


One of the biggest password compilations ever was leaked today. The file, which is titled RockYou2024.txt, contains a massive 9,948,575,739 unique plaintext passwords. It was posted by a forum user who goes by the name of "ObamaCare."

As reported by Cybernews (via TechRadar), the RockYou2024.txt file contains passwords stolen in a mix of old and new attacks. Three years ago, the RockYou2021 password compilation exposed 8.4 billion plaintext passwords. Today's leak adds an extra 1.5 billion passwords.

What can criminals do with the RockYou2024 leak?


Like many data leaks, the RockYou2024 database lets potential criminals conduct brute-force attacks and get unauthorized access to online accounts exposed in the leak. 

Brute-force refers to a technique hackers use to crack passwords by writing a program that automatically tries every single combination of letters and numbers. A simple password like "1234" can be cracked within seconds by a basic brute-force attack.

The RockYou2024 leak can also make it easy for attackers to use a technique called credential stuffing. Credential stuffing is a form of brute-force password attack that takes advantage of people who recycle their login information, a habit known as password reuse.

In a credential-stuffing attack, cybercriminals take usernames and passwords that have been leaked in a data breach and start plugging them into other websites in the hopes of accessing poorly secured accounts.

It's similar to a brute-force attack in that cybercriminals will try multiple sets of credentials on multiple accounts. Fortunately, there are some steps you can take right now to protect yourself.

How to safely create and manage passwords

No one wants to have their passwords exposed online. Fortunately, Cybernews has created its own data leak checker to see if your credentials have been exposed. Likewise, the popular data leak site HaveIBeenPwned can show you if your records have been leaked.

Going forward, one of the biggest steps you can take to protect yourself is to always use strong, complex and unique passwords for all of your online accounts. While you can come up with passwords on your own, the best password managers can do this for you and store them securely in one place. Likewise, the best identity theft protection services can come in handy if you need to recover a stolen identity or money lost to fraud.

Louis Ramirez

As deals editor-in-chief at Tom’s Guide, Louis is constantly looking for ways to avoid paying full price for the latest gadgets, appliances, and apparel. With over 10 years of deals-hunting experience, Louis price checks against multiple retailers and searches high and low for the best deals to bring readers. He's also always on the lookout for the best coupon codes to use when shopping. A born-and-bred New Yorker, Louis is also an avid swimmer and marathoner. His work has appeared on Gizmodo, CNET, and Time Out New York.