A massive hack occurred over the July 4th holiday when 10 billion unique passwords were exposed from users and customers across a slew of popular websites, including Ticketmaster and Santander.
The plain text file, called RockYou2024, leaked the passwords of customers all over the world. The data is thought to have been collected through a series of hacks over two decades.
Related: Ticketmaster Hack Affects Over 560 Million Customers
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers for CyberNews said. “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.”
The CyberNews team noted the leak, combined with other breaches that exposed email addresses and phone numbers, could lead to “a cascade of data breaches, financial frauds, and identity thefts.”
Bad actors could attempt attacks on anything from “internet-facing cameras and even industrial hardware,” they added.
For example, if a hacker sees that your email address is associated with the password in the RockYou2024 file, it might check to see if you use the same password for your email address for another company leaked in a separate hack.
Though this hack is said to be the largest in history, it’s not the first “RockYou” event.
Related: AT&T Customer Data Leaked to ‘Dark Web,’ Millions Affected
In 2021, RockYou2021 was published, containing an estimated 8.4 billion passwords. RockYou2024 is thought to include these passwords plus an additional 1.5 billion collected over the past three years. RockYou2021 was primarily composed of social media account passwords.
CyberNews recommends changing passwords used across multiple websites or accounts and enabling multi-factor authorization on any devices possible.