UPDATED 20:58 EDT / JULY 07 2024

New ‘RockYou2024’ password dump raises global cybersecurity alarms

People who reuse passwords across multiple sites are at the top of the list of those who should be seriously concerned following the sharing on July 4 of nearly 10 billion unique plaintext passwords on the infamous hacking site BreachForums.

The passwords, described as being the “largest password compilation ever,” were first reported July 4 by Cybernews, under the file name “rockyou2024.txt.” The passwords are said to have come from a mix of old and new data breaches.

The hacker or hacking group, which goes by the name of ObamaCare on BreachForums, chose the file name as a shoutout to previous large password dumps, particularly the RockYou2021 password dump.

Password dumps are not new, but the numbers involved in the RockYou2024 dump are unusually large. Given its size, it’s not a risk but a reality that the data in the dump will be used in credential-stuffing attacks.

Credential stuffing is a form of cyberattack wherein hackers use stolen account credentials to gain unauthorized access to user accounts across multiple platforms. The method exploits the common practice of reusing the same username and password combination on various websites.
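
On the defensive side, this pattern leaves a recognizable trace in authentication logs: one source trying many different usernames in a short time, with most attempts failing. The following Python is an added example, not from the article or anyone quoted in it; the log format, thresholds, usernames and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data), using documentation IP ranges.
SAMPLE_LOG = """\
2024-07-05T10:00:01 ip=203.0.113.7 user=alice result=FAIL
2024-07-05T10:00:02 ip=203.0.113.7 user=bob result=FAIL
2024-07-05T10:00:03 ip=203.0.113.7 user=carol result=FAIL
2024-07-05T10:00:04 ip=203.0.113.7 user=dave result=FAIL
2024-07-05T10:00:05 ip=203.0.113.7 user=erin result=FAIL
2024-07-05T10:00:06 ip=203.0.113.7 user=frank result=OK
2024-07-05T10:00:07 ip=203.0.113.7 user=grace result=FAIL
2024-07-05T10:01:00 ip=198.51.100.20 user=alice result=FAIL
2024-07-05T10:01:09 ip=198.51.100.20 user=alice result=OK
2024-07-05T10:02:00 ip=192.0.2.50 user=heidi result=OK
2024-07-05T10:02:10 ip=192.0.2.50 user=ivan result=OK
2024-07-05T10:02:20 ip=192.0.2.50 user=judy result=OK
2024-07-05T10:02:30 ip=192.0.2.50 user=mallory result=OK
2024-07-05T10:02:40 ip=192.0.2.50 user=niaj result=OK
"""

def parse(line):
    """Split one log line into (timestamp, ip, user, success)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["ip"], kv["user"], kv["result"] == "OK"

def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct usernames, mostly failing, within one window."""
    by_ip = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, ip, user, ok = parse(line)
            by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            fails = sum(1 for _, _, ok in span if not ok)
            # Failure ratio keeps a shared office NAT (many users, all succeeding) from firing.
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                # Any login that succeeded from a flagged source needs a forced reset.
                hits = sorted({u for _, u, ok in events if ok})
                findings[ip] = {"distinct_users": len(users), "successful_logins": hits}
                break
    return findings
```

Accounts listed under `successful_logins` for a flagged source are the ones where a reused password actually worked, so they are the first candidates for a forced reset and session revocation.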

As PC Magazine pointed out, RockYou2024 isn’t the first dump of its type, but its sheer size means there’s a very good chance that, wherever you are in the world, if you’re reading this, your passwords will be in the dump.

Chris Bates, chief information security officer at artificial intelligence and quantum technology solutions provider SandboxAQ (SB Technology Inc.), told SiliconANGLE that “companies should assume all passwords are compromised and build the correct mitigating controls” and that “those include phishing-resistant multifactor authentication, passwordless authentication and behavior-based detection and response programs to detect malicious use.”

Dr. Marc Manzano, general manager of cybersecurity at SandboxAQ, noted that “it’s imperative for organizations to implement and enforce stringent password policies, educate users about the risks of password reuse and put into action multifactor authentication widespread adoption.”

“Additionally, enhancing overall IT systems security by deploying modern cryptography management platforms will be crucial in defending against large-scale threats leveraging stolen passwords,” Dr. Manzano added.
