Jul 10 - 10 Billion Passwords Leaked: RockYou2024 Sparks Security Concerns


  

 2 weeks ago '10        #1
1752 page views
39 comments


Shhon  topics gone triple plat - Number 1 spot x5
Props total: 58176 58 K  Slaps total: 5103 5 K
@ 05:29 AM 07-10-2024
 

 




 https://www.entrepreneur. .. history/476841
 https://news.clearancejob .. rity-concerns/

Peter Suciu / Jul 9, 2024

Nearly 10 billion unique plaintext passwords were leaked to a popular hacking forum on the Fourth of July. The list has earned the fitting moniker “RockYou2024” from its filename, “rockyou.txt.” The file is essentially a compilation of passwords that were gathered by a forum user known only as “ObamaCare,” and it contained passwords that came from old and new data breaches.

As a result many may have already been changed, yet researchers warn that it could still be a treasure trove for bad actors.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers at Cybernews explained. “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.”

This is also the second time such a compilation of passwords has made the rounds on the dark web. RockYou2021, which appeared three years ago – and was the largest illicit database of passwords at the time – consisted of around 8.4 billion. This new leak is an updated and enlarged list of passwords.

The number of passwords is significant, but researchers have also suggested that size shouldn’t be employed to gauge the seriousness of this leak.

“While the RockYou2024 leak is massive, it’s not unprecedented given the recent MOAB (Mother of All Breaches) leak,” said Ted Miracco, CEO of mobile security provider Approov.

“However, it reinforces a critical lesson: password protection alone is woefully inadequate in today’s threat landscape, especially for APIs and mobile apps,” Miracco told ClearanceJobs. “Leaks like these can expose financial and healthcare data that can be utilized for identity theft, financial fraud, blackmail, or other forms of exploitation.”

HOW SIGNIFICANT IS THE DAMAGE?

The greatest threat could be to those who use the same or even similar passwords on multiple devices and multiple websites and apps. It therefore serves as a reminder to use unique passwords and to change them frequently.

“The biggest significance of this leak is to serve as a reminder that the security of something you think is private – a password – is a shared responsibility between you and the technology vendor. To the best of your ability use longer passwords, don’t use the same password with different services, and periodically review and delete unused accounts,” suggested Evan Dornbush, former NSA cybersecurity expert.

The actual utility for hackers thus far is likely minimal, Dornbush told ClearanceJobs. But that doesn’t mean that the threat should be ignored – which a lot of users likely did three years ago!

“The magic of the original ‘rockyou’ was in that it created a list of common passwords for attackers to try,” added Dornbush. “This list shows that those common passwords are still common. It also shows that hard to crack passwords are still for many, hard to crack.”

MORE TO COME?

The biggest takeaway from this leak is that we need yet another reminder that not enough is likely being done to protect our digital footprints. This is something that needs to be done at all levels, by the various platforms and users alike.

“It’s crucial for companies to implement more robust API security measures to protect this sensitive data, and for users to be cautious about reusing passwords and failing to implement MFA and other advanced security measures,” said Miracco.

“It’s crucial to emphasize that many devices, especially in the Internet of Things (IoT) ecosystem, are woefully unprepared for the onslaught of credential stuffing attacks this leak enables. Smart cameras, thermostats, door locks, and other connected devices often lack robust security features,” Miracco continued. “The sheer volume of credentials exposed means that even if only a small percentage (of passwords) are current and valid, millions of devices could be compromised.”

Moreover, this leak isn’t just a threat to personal accounts, as all it takes is one weak link for a network to be compromised.

“We should expect both sophisticated nation-state actors and individual hackers to exploit these vulnerabilities aggressively,” warned Miracco. “Nation-states might use this data for large-scale surveillance or as part of broader cyber warfare strategies. Individual hackers could target everything from home security cameras to smart city infrastructure.”
+1   




 2 weeks ago '20        #2
Bighempin  topics gone triple plat - Number 1 spot x8
Props total: 26148 26 K  Slaps total: 3757 3 K
The internet is such a dumb place.
+9   

 2 weeks ago '21        #3
I am awake 
Props total: 20529 20 K  Slaps total: 6314 6 K
 Bighempin said
The internet is such a dumb place.
And yet here we are..
+17   

 2 weeks ago '24        #4
BigSticks 
Props total: 5044 5 K  Slaps total: 1849 1 K
Where can I download I been trying to access one of my accounts for awhile lmao
+12   

 2 weeks ago '05        #5
Y.G. 
Props total: 36898 36 K  Slaps total: 6439 6 K
Highly recommend everyone use a password manager like Bitwarden (to avoid password reuse) and also enable 2FA on every account that allows it.
+11   

 2 weeks ago '19        #6
zzxxccvvbb 
Props total: 59673 59 K  Slaps total: 6989 6 K
Max out your credit cards and destroy your credit before the bad guys can
+7   

 2 weeks ago '10        #7
Shhon  topics gone triple plat - Number 1 spot x5 OP
Props total: 58176 58 K  Slaps total: 5103 5 K
 Y.G. said
Highly recommend everyone use a password manager like Bitwarden (to avoid password reuse) and also enable 2FA on every account that allows it.




"you cant hack a piece of paper" ....
+10   

 2 weeks ago '06        #8
kip99 
Props total: 23575 23 K  Slaps total: 2624 2 K
Definitely airgap whats important.
+1   

 2 weeks ago '05        #9
Y.G. 
Props total: 36898 36 K  Slaps total: 6439 6 K
 Shhon said



"you cant hack a piece of paper" ....
That would only be good for home use. Anywhere outside of that (office, school, public, etc.) would be turrible opsec.
+2   

 2 weeks ago '13        #10
mkhrt92 
Props total: 75288 75 K  Slaps total: 16178 16 K
And people laugh at my post it note on my CPU.
+1   

 2 weeks ago '05        #11
ice wolf  topics gone triple plat - Number 1 spot x38
Props total: 46132 46 K  Slaps total: 21998 21 K
2fa >>>>>>>>>>>>>>>>>>>>>>>>.

 2 weeks ago '10        #12
Shhon  topics gone triple plat - Number 1 spot x5 OP
Props total: 58176 58 K  Slaps total: 5103 5 K
 Y.G. said
That would only be good for home use. Anywhere outside of that (office, school, public, etc.) would be turrible opsec.
you can code user names and passwords on paper, like not the actual username/password but the paper tells you what you personally need to know to know ...

then bring that password book in your lunch bag or backpack...

if anyone finds it, in a drastic situation, they wont have the actual information.

online electronic password managers are fu#king wild to me
+4   

 2 weeks ago '04        #13
kalico17  topics gone triple plat - Number 1 spot x1
Props total: 7406 7 K  Slaps total: 1014 1 K
 Y.G. said
Highly recommend everyone use a password manager like Bitwarden (to avoid password reuse) and also enable 2FA on every account that allows it.
This

Bitwarden to generate everything
2FA on all accounts
+3   

 2 weeks ago '05        #14
Y.G. 
Props total: 36898 36 K  Slaps total: 6439 6 K
 Shhon said
you can code user names and passwords on paper, like not the actual username/password but the paper tells you what you personally need to know to know ...

then bring that password book in your lunch bag or backpack...

if anyone finds it, in a drastic situation, they wont have the actual information.

online electronic password managers are fu#king wild to me
You can pad your passwords with a password manager too. You'd still be the only person who knew the actual passwords in the manager.


Nothing wrong with password managers like Bitwarden. It's E2EE so only you have the keys and it's open source (anyone can examine the code for vulnerabilities). You can even self-host your vault so that you control the server.

Not to mention, no one is writing down a 128-character password. Password managers can ensure unique uniqueness. They can also manage passkeys, something a notepad can't. A secure password manager is a great thing to use.
+1   

 2 weeks ago '10        #15
Shhon  topics gone triple plat - Number 1 spot x5 OP
Props total: 58176 58 K  Slaps total: 5103 5 K
 Y.G. said
You can pad your passwords with a password manager too. You'd still be the only person who knew the actual passwords in the manager.


Nothing wrong with password managers like Bitwarden. It's E2EE so only you have the keys and it's open source (anyone can examine the code for vulnerabilities). You can even self-host your vault so that you control the server.

Not to mention, no one is writing down a 128-character password. Password managers can ensure unique uniqueness. They can also manage passkeys, something a notepad can't. A secure password manager is a great thing to use.
Interesting, I never used one but always figured they would be weak. But you're right, a 128-character password is better than what I do on paper.
+2   

 2 weeks ago '08        #16
Kewop Decam  topics gone triple plat - Number 1 spot x1
Props total: 55902 55 K  Slaps total: 4446 4 K
This is where I wouldn’t mind finger print and retina scanning for everything but the way the government moves… can’t.
+1   

 2 weeks ago '05        #17
JimDinO77  topics gone triple plat - Number 1 spot x4
Props total: 63528 63 K  Slaps total: 9687 9 K
Not a surprise…. AI makes it easier to hack anything that isn’t heavily encrypted or systems that don’t demand 2 step verification
+1   

 2 weeks ago '22        #18
podcast 
Props total: 2859 2 K  Slaps total: 729 729
Dang nobody is going to share it?

Wala
+3   

 2 weeks ago '13        #19
PCDubya 
Props total: 16344 16 K  Slaps total: 1714 1 K
Wait for the world to go to paperless money. Countries going to be knocking out each other's financial systems
+1   

 2 weeks ago '17        #20
dubsax  topics gone triple plat - Number 1 spot x2
Props total: 80007 80 K  Slaps total: 6788 6 K
have firewalled accounts Ie ones that you dont use online and only physically go inside the bank to use

know how to use browser proxies and have a secure one you trust or create your own

most importantly be inconvenienced in that the easy way for you is also the easy way for them

 2 weeks ago '20        #21
Bighempin  topics gone triple plat - Number 1 spot x8
Props total: 26148 26 K  Slaps total: 3757 3 K
 I am awake said
And yet here we are..


+1   

 2 weeks ago '10        #22
Shhon  topics gone triple plat - Number 1 spot x5 OP
Props total: 58176 58 K  Slaps total: 5103 5 K
 podcast said
Dang nobody is going to share it?

Wala
I saw it but didn't want to include it in the post, this data leak RockYou2024 happened a week ago. I was just shocked no one here posted so I did today.

 2 weeks ago '23        #23
JimmyNewtron  topics gone triple plat - Number 1 spot x4
Props total: 5252 5 K  Slaps total: 800 800
 kalico17 said
This

Bitwarden to generate everything
2FA on all accounts
Why bitwarden ?

 2 weeks ago '04        #24
kalico17  topics gone triple plat - Number 1 spot x1
Props total: 7406 7 K  Slaps total: 1014 1 K
 JimmyNewtron said
Why bitwarden ?
It’s open source
Everything is on GitHub

Lets me know there’s no shady sh1t built in, also gives me confidence they won’t get hacked
+2   

 2 weeks ago '20        #25
Meme01 
Props total: 5492 5 K  Slaps total: 814 814
 JimDinO77 said
Not a surprise…. AI makes it easier to hack anything that isn’t heavily encrypted or systems that don’t demand 2 step verification
When you said AI, do you mean via machine learning? If so, how is this helping with decryption?
