Nearly 10 billion passwords stolen by hackers — how to protect yourself

News
By
published

Everything you need to know about the RockYou2024 leak

An open lock depicting a data breach
(Image credit: Shutterstock)

One of the biggest password compilations ever was leaked today. The file, which is titled RockYou2024.txt, contains a massive 9,948,575,739 unique plaintext passwords. It was posted by a forum user that goes by the name of "ObamaCare."

As reported by Cybernews (via TechTadar), the RockYou2024.txt file contains passwords stolen in a mix of old and new attacks. Three years ago, the RockYou2021 password compilation exposed 8.4 billion plain text passwords. Today's leak adds an extra 1.5 billion passwords. 

What can criminals do with the RockYou2024 leak?

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

Like many data leaks, the RockYou2024 database lets potential criminals conduct brute-force attacks and get unauthorized access to online accounts exposed in the leak. 

Brute-force refers to a technique hackers use to crack passwords by writing a program that automatically tries every single combination of letters and numbers. A simple password like "1234" can be cracked within seconds by a basic brute-force attack.

Additionally, the RockYou2024 leak can also make it easy for attackers to use a technique called credential stuffing. Credential stuffing is a form of brute-force password attack that takes advantage of people who recycle their login information, also known as password reuse.

In a credential-stuffing attack, cyber criminals take usernames and passwords that have been leaked in a data breach and start plugging them into other websites in the hopes of accessing poorly secured accounts.

It's similar to a brute-force attack in that cybercriminals will try multiple sets of credentials on multiple accounts. Fortunately, there are some steps you can take right now to protect yourself.

How to safely create and manage passwords

No one wants to have their passwords exposed online. Fortunately, Cybernews has created its own data leak checker to see if your credentials have been exposed. Likewise, the popular data leak site HaveIBeenPwned can show you if your records have been leaked.

Going forward, one of the biggest steps you can take to protect yourself is to always use strong, complex and unique passwords for all of your online accounts. While you can come up with passwords on your own, the best password managers can do this for you and store them securely in one place. Likewise, the best identity theft protection services can come in handy if you need to recover a stolen identity or money lost to fraud.

See more Computing News
Louis Ramirez
Louis Ramirez

As deals editor-in-chief at Tom’s Guide, Louis is constantly looking for ways to avoid paying full price for the latest gadgets, appliances, and apparel. With over 10 years of deals-hunting experience, Louis price checks against multiple retailers and searches high and low for the best deals to bring readers. He's also always on the look out for the best coupon codes to use when shopping. A born-and-bred New Yorker, Louis is also an avid swimmer and marathoner. His work has appeared on Gizmodo, CNET, and Time Out New York.

Read more
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
Screen graphic showing data breach warning
5 worst data breaches of 2024 — including the mother of all breaches
An open lock depicting a data breach
The top 10 data breaches of 2024
An open lock depicting a data breach
12 million hit in Zacks Investment data breach — how to protect yourself now
A phone in hand showing the LastPass logo
Millions stolen from LastPass users in massive attack — what you need to know
Latest in Online Security
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Android 12
Google March Android Security Update fixes two high severity vulnerabilities — update now
An Android bot next to an Android TV remote
Millions of Android TVs hijacked in massive botnet — how to see if yours is at risk
Poster of Elon Musk saying "I am stealing from you"
Elon Musk's DOGE blocked from accessing your data – and 3 in 4 Americans agree
A fake text message on a smartphone being held by both hands.
Toll road scams are worse than ever — what to look for and how to stay safe
A phone with Google Search open on screen
Google just made it easier to remove your personal info from search results — here's how to do it
Latest in News
close-up on cameras in a leaked Google Pixel 9a render
Google Pixel 9a rumors — what Google’s planning as the iPhone 16e and Nothing Phone 3a ramp up the pressure
NYTimes Connections
NYT Connections today hints and answers — Thursday, March 6 (#634)
Galaxy Z Fold 6 shown in hand
Samsung just killed the crease with this breakthrough foldable phone display
Sam Altman
ChatGPT-4.5 delayed in surprise announcement — and it could launch with a controversial new payment model
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Switch 2 console and logo
Nintendo Switch 2 — analyst just tipped release window
More about online security
Green skull on smartphone screen.

Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
IdentityForce logo

IdentityForce UltraSecure+Credit review
Philips-TA8506

I just tested these noise cancelling headphones — and they're shockingly good for under $150

See more latest
Most Popular
close-up on cameras in a leaked Google Pixel 9a render
Google Pixel 9a rumors — what Google’s planning as the iPhone 16e and Nothing Phone 3a ramp up the pressure
Hulu's getting Parasite
7 best Bong Joon-ho movies, ranked
MacBook Air M4
I review laptops for a living, and I think the MacBook Air M4 could be the best bargain of the year
NYTimes Connections
NYT Connections today hints and answers — Thursday, March 6 (#634)
Galaxy Z Fold 6 shown in hand
Samsung just killed the crease with this breakthrough foldable phone display
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #368 (Thursday, March 6 2025)
Sam Altman
ChatGPT-4.5 delayed in surprise announcement — and it could launch with a controversial new payment model
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Switch 2 console and logo
Nintendo Switch 2 — analyst just tipped release window
'Deli Boys' stars (from left) Saagar Shaikh as Raj, Asif Ali as Mir and Poorna Jagannathan as Lucky
How to watch 'Deli Boys' online – stream the criminal chaos online from anywhere in the world