Over 9.9 billion passwords leaked in massive database

Security researchers have sounded the alarm over a vast database of leaked passwords, dubbed "RockYou2024", containing almost 9,948,575,739 unique passwords in plain text, according to Forbes.

The database was posted on a hackers' forum last week, and experts at CyberNews warned that it poses a significant threat of data breaches, financial fraud, and identity theft.

The leak was a compilation of old and new data breaches, with researchers noting that it revealed real-world passwords used globally.

"In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks," researchers said.

"Credential stuffing is a common method used by hackers to gain unauthorised access to accounts by using stolen login credentials from one website to breach another," the publication said.

The CyberNews team cautioned that threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain access to online accounts used by individuals who employ passwords included in the dataset.

The RockYou2024 leak builds upon an earlier leak, RockYou2021, which was shared by hackers online three years ago, as per the details shared by Forbes.