Following the release on July 4 of nearly 10 billion unique plaintext passwords on the infamous hacking site Breach Forums, people who use the same password for multiple websites should be especially concerned.
The passwords, which Cybernews first reported on July 4 under the file name “rockyou2024.txt,” were described as the “largest password compilation ever.” The compilation is thought to combine data from both recent and older breaches.
On Breach Forums, the hacker or hacking group known as Obama Care chose the name to pay homage to previous large password dumps, particularly the RockYou2021 password dump.
Although password dumps are not new, the RockYou2024 dump is unusually large. Because of its size, credential-stuffing attacks will almost certainly make use of its data.
Credential stuffing is a type of cyberattack in which hackers use stolen account credentials to gain unauthorized access to user accounts across multiple platforms. The technique takes advantage of the common practice of using the same username and password for multiple websites.
As PC Magazine pointed out, although RockYou2024 isn’t the first of its kind, the sheer size of the dump means that wherever you are in the world, there is a very good chance that, if you’re reading this, your passwords are in the dump.
“Companies should assume all passwords are compromised and build the correct mitigating controls,” SandboxAQ (SB Technology Inc.) chief information security officer Chris Bates told SiliconANGLE, “those include phishing-resistant multifactor authentication, passwordless authentication, and behavior-based detection and response programs to detect malicious use.”
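The credential-stuffing pattern described above, and the “behavior-based detection” Bates refers to, can be illustrated with a small detector run over authentication logs. The following is an added example written for this article, not code from SiliconANGLE, Cybernews or SandboxAQ; the log format, the sample lines, the IP addresses and the thresholds (`min_users`, `min_fail_ratio`, `window`) are all constructed assumptions. The signal it looks for is the one that distinguishes stuffing from a forgetful user: one source trying many distinct usernames in a short window, most of them failing.

```python
"""Toy credential-stuffing detector over authentication logs.

Added example (not code from the article or from the companies quoted).
Credential stuffing shows up as one source trying MANY DISTINCT usernames,
mostly failing, in a short window; a user who forgot a password retries
ONE username. The log format and all sample data below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <source ip> <username> <result>"
# 198.51.100.7 sprays ten different accounts in six seconds (one succeeds),
# 203.0.113.9 is a single user retrying, 192.0.2.33 is a normal login.
SAMPLE_LOG = """\
2024-07-05T10:00:01Z 198.51.100.7 alice FAIL
2024-07-05T10:00:02Z 198.51.100.7 bob FAIL
2024-07-05T10:00:02Z 198.51.100.7 carol FAIL
2024-07-05T10:00:03Z 198.51.100.7 dave OK
2024-07-05T10:00:03Z 198.51.100.7 erin FAIL
2024-07-05T10:00:04Z 198.51.100.7 frank FAIL
2024-07-05T10:00:05Z 198.51.100.7 grace FAIL
2024-07-05T10:00:05Z 198.51.100.7 heidi FAIL
2024-07-05T10:00:06Z 198.51.100.7 ivan FAIL
2024-07-05T10:00:06Z 198.51.100.7 judy FAIL
2024-07-05T10:00:10Z 203.0.113.9 mallory FAIL
2024-07-05T10:00:20Z 203.0.113.9 mallory FAIL
2024-07-05T10:00:30Z 203.0.113.9 mallory OK
2024-07-05T10:01:00Z 192.0.2.33 peggy OK
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list[Event]:
    """Parse the constructed log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        # fromisoformat() only accepts a trailing "Z" on Python 3.11+,
        # so normalise it to an explicit UTC offset first.
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(Event(when, ip, user, result == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=8, min_fail_ratio=0.8):
    """Return {ip: (distinct_users, fail_ratio, successful_users)} for every
    source IP that, within any sliding `window`, attempted at least
    `min_users` distinct usernames with a failure ratio >= `min_fail_ratio`.
    The successful usernames inside a flagged burst are the accounts a
    responder would want to force a reset or step-up authentication on.
    Thresholds are assumed values for the example, not recommendations."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.ip].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start so it spans at most `window` of time.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            burst = evs[start:end + 1]
            users = {e.user for e in burst}
            fails = sum(1 for e in burst if not e.ok)
            ratio = fails / len(burst)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                successes = sorted(e.user for e in burst if e.ok)
                # Later windows overwrite earlier ones, so the entry reflects
                # the largest burst seen for this IP.
                flagged[ip] = (len(users), round(ratio, 2), successes)
    return flagged


if __name__ == "__main__":
    for ip, (n_users, ratio, hits) in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {n_users} usernames, fail ratio {ratio}, compromised: {hits}")
```

Per-IP thresholds like these catch the naive case; stuffing tools that rotate through large proxy pools keep each source below the threshold, so a production detector would also key on per-account velocity across many IPs, on a shared device fingerprint, and on the overall failure rate of the login endpoint. The point of the example is the shape of the signal, not the specific numbers.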
“It’s imperative for organizations to implement and enforce stringent password policies, educate users about the risks of password reuse, and put into action multifactor authentication widespread adoption,” said Dr. Marc Manzano, general manager of cybersecurity at SandboxAQ.
Dr. Manzano added, “In addition, enhancing overall IT system security by deploying modern cryptography management platforms will be crucial in defending against large-scale threats using stolen passwords.”