Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
One of the biggest password compilations ever was leaked today. The file, which is titled RockYou2024.txt, contains a massive 9,948,575,739 unique plaintext passwords. It was posted by a forum user that goes by the name of "ObamaCare."
As reported by Cybernews (via TechTadar), the RockYou2024.txt file contains passwords stolen in a mix of old and new attacks. Three years ago, the RockYou2021 password compilation exposed 8.4 billion plain text passwords. Today's leak adds an extra 1.5 billion passwords.
What can criminals do with the RockYou2024 leak?
Like many data leaks, the RockYou2024 database lets potential criminals conduct brute-force attacks and get unauthorized access to online accounts exposed in the leak.
Brute-force refers to a technique hackers use to crack passwords by writing a program that automatically tries every single combination of letters and numbers. A simple password like "1234" can be cracked within seconds by a basic brute-force attack.
Additionally, the RockYou2024 leak can also make it easy for attackers to use a technique called credential stuffing. Credential stuffing is a form of brute-force password attack that takes advantage of people who recycle their login information, also known as password reuse.
In a credential-stuffing attack, cyber criminals take usernames and passwords that have been leaked in a data breach and start plugging them into other websites in the hopes of accessing poorly secured accounts.
It's similar to a brute-force attack in that cybercriminals will try multiple sets of credentials on multiple accounts. Fortunately, there are some steps you can take right now to protect yourself.
How to safely create and manage passwords
No one wants to have their passwords exposed online. Fortunately, Cybernews has created its own data leak checker to see if your credentials have been exposed. Likewise, the popular data leak site HaveIBeenPwned can show you if your records have been leaked.
Going forward, one of the biggest steps you can take to protect yourself is to always use strong, complex and unique passwords for all of your online accounts. While you can come up with passwords on your own, the best password managers can do this for you and store them securely in one place. Likewise, the best identity theft protection services can come in handy if you need to recover a stolen identity or money lost to fraud.
