Hacking into an account doesn’t always require deep expertise in exploiting vulnerabilities. Sometimes it’s a simple as taking leaked information and placing it elsewhere on the internet. That’s why the release of massive password collections are dangerous—and why alarms are now sounding over a drop of nearly 10 billion passwords.
First spotted in a forum on July 4, RockYou2024 is a compilation of 9.94 billion leaked passwords. The massive password dump includes entries from the RockYou2021 collection, data from newer breaches and leaks, and data cracked by the person who posted it. RockYou2021 released with 8.4 billion password entries, including millions related to social media sites. For comparison, the Mother of All Breaches contained 26 billion pieces of personal data that included information beyond passwords.
You can read up on the full details of RockYou2024 in Cybernews’ report, but this discovery’s biggest takeaway is that everyone should shore up their account security right away. If you haven’t changed your passwords for compromised accounts (especially after the big Ticketmaster breach in late May), or if you reuse passwords, you could become an easy victim of credential stuffing—which is when someone tries your leaked login info across the web, and sees what accounts they can get into.
To better protect yourself, take these steps:
I personally recommend switching to passkeys whenever possible—they require much less thought or effort than passwords. All you need is a good backup for your passkeys (in case you lose your phone or PC, which is where they’ll be stored). Good news is, many major password managers now let you store passkeys on them, too.