In a major cyberattack, probably one of the biggest password compilations ever has been leaked recently. According to Cybernews, a forum named ObamaCare posted a file titled RockYou2024.txt which contains 9,948,575,739 unique plaintext passwords. The report stated that this file contains passwords stolen in a mix of old and new attacks. Approximately three years back, the RockYou2021 password compilation exposed 8.4 billion plain text passwords and the latest leak adds an extra 1.5 billion passwords to the list.
Akin to numerous other data leaks, this RockYou2024 database also allows potential criminals and cyber attackers to conduct ‘brute-force’ attacks and also helps them get unauthorised access to the accounts which have been exposed in the leak.Â
ALSO READ | Weekly Tech Wrap: CMF Phone 1 Price Creates Buzz Around Rumour Mill, Google Pixel 9 Leaks Surface, More
What Is Brute Force & Why Does It Matter
Brute force in simpler words is a technique that hackers use in order to crack passwords by writing a program which automatically tries every single possible combination of letters and numbers. If we have to understand the efficacy of this method then if someone is using a password as simple as ‘1234’ then it can be cracked within seconds by a basic brute-force attack.
Brute force is not the only point of concern though. Furthermore, the RockYou2024 leak can also reduce the difficulty for attackers to use another technique known as credential stuffing. Credential stuffing is also a form of brute-force password attack and it takes advantage of people who recycle their login information, which in day-to-day use we call password reuse.
In a credential-stuffing attack, cybercriminals utilize usernames and passwords that have been exposed in a data breach and attempt to use them on various websites, aiming to gain access to accounts with weak security.
This method is akin to a brute-force attack, as cybercriminals will test numerous sets of credentials across multiple accounts.