Cyber experts have urgently warned people to update their passwords after a hacker uploaded billions of login details.

The leak, called RockYou2024, was posted on July 4th containing a staggering 10 billion passwords from a compilation of old and new data breaches.

Researchers who revealed the leak said the information could allow hackers to target any system that isn’t protected by strict security software including online and offline services, online cameras and industrial hardware.

This could prompt a wave of data breaches, financial fraud and identity theft using the passwords, which were collected from more than 4,000 databases over the last two decades.

Researchers at Cybernews who investigated the hack said the perpetrator goes by the name ObamaCare.

The person appeared to use 8.4 billion passwords from an earlier crime forum released in 2021.

However, an additional 1.5 billion new passwords were obtained from records from 2021 to 2024.

‘Xmas came early this year,’ ObamaCare wrote on the forum.

‘I present to you a new rockyou2024 password list with over 9.9 billion passwords.’

The hacker added that they ‘also cracked some old ones with [their] new 4090,’ - a high-end Nvidia graphics card - containing ‘actual new real passwords from users.’

The file was released in a 45.6-gigabyte .zip archive using leaked records from sites like X (formerly Twitter), AdultFriendFinder, MyFitnessPal, LinkedIn and Adobe.

The top two impacted brands are Chinese-based companies that far surpass other online companies.

They include 1.5 billion from Tencent - a tech company that provides internet services - and 504 million from social media platform Weibo.

‘In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,’ the researchers said, adding ‘revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.’

Credential stuffing occurs when hackers use a password from one data breach to log in to an unrelated service like using a password obtained from the AT&T leak to see if the person uses the same password for their bank account.



More at: https://www.dailymail.co.uk/sciencet...ime-forum.html