Several months ago, security researchers discovered the world's largest collection of stolen passwords and credentials had been uploaded to an infamous criminal marketplace where cybercriminals would trade such credentials for a considerable amount of money. A hacker known as 'ObamaCare' has posted a database which, according to the hacker, contains nearly 10 billion unique passwords built over many years as a result of numerous data breaches and hacks he has been spreading across the web for several years.
'ObamaCare', a user identified as 'ObamaCare', posted on a popular hacking forum on Thursday a collection of leaked passwords known as 'RockYou2024'. In the past, 'ObamaCare' has outsourced stolen data on the internet several times and it is not the first time they have done so. According to the report, the user had previously shared a database of Simmons & Simmons employees, a lead from the online casino AskGamblers, and applications from Rowan College in New Jersey before taking down the reports.
The researchers at CyberNews have reported that on July 4, 2014, a hacker using the handle "ObamaCare" posted a file on a hacking forum that contained 9,948,575,739 unique plaintext passwords. The password dump that was recently found on the web is a more recent version of the "RockYou2021" data leak collection that surfaced in June 2021.
In that particular instance, there were 8.4 billion unique passwords within the stolen collection of passwords at the time. This goldmine of thousands of unique passwords has been expanded by cybercriminals since 2021. The goldmine now includes 1.5 billion new and unique passwords added by these cyber criminals.
“The team verified the leak passwords by cross-referencing the RockYou2024 leak passwords with a leaked password checker provided by Cybernews, which showed that these passwords were obtained from a mix of both old and new leaks,” Cybernews researchers wrote.
There seem to have been a record number of stolen and leaked credentials discovered on the BreachForums criminal underground forum by security researchers from Cybernews. This collection has been the largest collection that has ever been seen on that site. A compilation of RockYou2024 appears to consist of an astonishing 9,948,575,739 unique passwords, all in plaintext form, with a total of 9,948,575,739 passwords.
The database is said to have been built from an earlier credentials database called RockYou 2021, which contained eight billion passwords, and that has been added to with roughly 1.5 billion new passwords. The credential files cover a period to be measured between the years 2021 and 2024, and a total of 4,000 huge databases of stolen credentials have been estimated to contain information spanning a minimum of two decades in the latest credential file.
Researchers stated that, in essence, the RockYou2024 leak contains a compilation of passwords that are used by people around the world. They also stated that, according to the researchers, the number of passwords used by threat actors is very large, which translates into a substantial risk of credential-stuffing attacks. There are several ways in which credential stuffing and brute force attacks can be mounted on passwords that have been leaked in such datasets.
In credential stuffing attacks, the criminal acts by which they use passwords that have been stolen from one device or account to gain access to another device or account are described as the practice of the criminals.
There is a premise at the foundation of this attack that users often have a single password for all of their accounts and devices, which allows criminals to access their account information, including other accounts or all their accounts, using that password.
It is a process of using trial and error methods to try and guess sign-in information, passwords, and encryption keys for network systems. This is called a brute force attack.
In a report published by Cybernews, the researchers said the database, which can be used to target all sorts of services, from online to offline, to internet-facing cameras and industrial hardware, is among the data.
"By combining the data from RockYou2024 with other leaked databases from hacker forums, marketplaces, and other places where electronic mail addresses and other credentials can be published, it has the potential to trigger a cascade of data breaches, identity thefts, and financial frauds," the researchers stated.
The multi-platform password manager that Bitdefender offers offers numerous benefits, including automatic password leak alerts that alert you as soon as your passwords and emails have been exposed online, with the ability to change them immediately.
Users are advised to utilize a digital identity protection service to monitor their online identity and receive real-time alerts about data breaches and leaks involving their online information. One such service, Bitdefender Digital Identity Protection, offers a comprehensive solution for identity protection.
Bitdefender Digital Identity Protection enables users to respond immediately to data breaches and privacy threats.
Through instant alerts, users can take swift action to prevent damage, such as changing passwords with one-click action items. The service provides real-time monitoring by continuously scanning the internet and the dark web for personal information. Users receive alerts whenever their data is involved in a data breach or leak.
Additionally, Bitdefender Digital Identity Protection offers peace of mind by immediately flagging suspicious activity and actively monitoring personal information. Users can rest assured that their digital identity is under constant surveillance.
Furthermore, the service provides a 360° view of all data associated with a user’s digital footprint. This includes traces from services no longer in use but still retaining the user’s data. Users can also send requests for data removal from service providers, ensuring a more secure online presence.
Overall, Bitdefender Digital Identity Protection is recommended for users seeking to safeguard their online identity and stay informed about potential security threats in real-time.