Almost 10 billion passwords leaked in largest password compilation ever
It's time to change your passwords.
A text file posted to hacker forums contains the largest password dump in history. The file, named "rockyou2024.txt," contains 9,948,575,739 passwords, according to security research firm Cybernews.
The compilation is essentially a combination of existing known passwords from hacks dating back further than 20 years alongside new data breaches. While having passwords tied to specific usernames is obviously dangerous for users of a website, the true threat comes from what a dump of this size allows hackers to do: brute force attacks.
Essentially, this dump gives hackers a massive springboard from which to launch brute force attacks to access user accounts and sensitive data. As such, it is paramount that affected users (which likely includes most Internet users across the globe) change their passwords as soon as possible.
In addition to changing passwords, people should also enable two-factor authentication (2FA) wherever available. This adds an extra layer of security when logging in; even if someone has a username and password, 2FA requires a log-in attempt to be authenticated on a separate device or through a separate avenue. A hardware-based 2FA method (such as the Yubico YubiKey 5Ci, currently available at Amazon for $75) can be preferable to an account-based method (such as emailing an authentication code) as a hacker may have access to an email account and can thus gain access to a 2FA code.
Password managers are also a good way to access and update passwords en masse, and there are many free and secure options available, such as KeePassXC.