Posted on 07/09/2024 8:55:18 AM PDT by george76
Cyber experts have urgently warned people to update their passwords after a hacker uploaded billions of login details.
The leak, called RockYou2024, was posted on July 4th containing a staggering 10 billion passwords from a compilation of old and new data breaches.
Researchers who revealed the leak said the information could allow hackers to target any system that isn’t protected by strict security software including online and offline services, online cameras and industrial hardware.
This could prompt a wave of data breaches, financial fraud and identity theft using the passwords, which were collected from more than 4,000 databases over the last two decades.
...
Researchers at Cybernews who investigated the hack said the perpetrator goes by the name ObamaCare.
The person appeared to use 8.4 billion passwords from an earlier crime forum released in 2021.
However, an additional 1.5 billion new passwords were obtained from records from 2021 to 2024.
‘Xmas came early this year,’ ObamaCare wrote on the forum.
‘I present to you a new rockyou2024 password list with over 9.9 billion passwords.’
The hacker added that they ‘also cracked some old ones with [their] new 4090,’ - a high-end Nvidia graphics card - containing ‘actual new real passwords from users.’
The file was released in a 45.6-gigabyte .zip archive using leaked records from sites like X (formerly Twitter), AdultFriendFinder, MyFitnessPal, LinkedIn and Adobe.
...
RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world
...
should also enable multi-factor authentication which provides a second level of security by requiring verification like facial recognition or a PIN in addition to the password.
‘There really is no excuse not to use unique passwords for every single account as data breaches unfortunately continue to occur and grow,
(Excerpt) Read more at dailymail.co.uk ...
With 10 billion passwords, how is one to know they are not changing it to one of those already compromised ones?
That isn’t a good password. I always use Password!2 - much more secure.
I used to use that scheme too for years (I've been in IT for decades). But the drawback of that scheme is that if ever any of those passwords is leaked in plaintext (remember, Windows stores your password in plaintext and it's not very hard to read it out), the scheme becomes obvious and a hacker can pretty quickly determine the "fixed" part and the "per-site" part, and guess it for other sites.
So since I have around 250 passwords to deal with, I use 16-character random strings of upper, lower, digits, and punctuation, and two different password manager programs, encrypted and backed up to multiple computers.
Oh, and I have 2FA/MFA on the 25 or so most critical accounts, using Google-Auth, MS-Auth, and Duo-Auth on my phone. I back up my phone data (encrypted of course) to two different computers.
I can't afford to be hacked, and I can't afford to lose access to those passwords or 2FA.
My level of effort is not necessary for most people, but so far it has served me well.
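An added example, not part of the original post: it audits a password list for the shared "fixed" part the comment above describes, and generates the 16-character random alternative with Python's `secrets` module. The function names and the sample vault are constructed for illustration.

```python
import math
import os
import secrets
import string

# The four character classes named in the comment above.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def random_password(length=16):
    """Draw from the OS CSPRNG until every character class is present."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length=16):
    """Upper bound on entropy of a uniformly random string over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def shared_affixes(passwords):
    """Return the (prefix, suffix) common to every password in the list.

    A non-empty result is the "fixed" part of a formula: one plaintext
    leak exposes it for every other site that uses the same formula.
    """
    prefix = os.path.commonprefix(passwords)
    suffix = os.path.commonprefix([p[::-1] for p in passwords])[::-1]
    return prefix, suffix


# Constructed sample vault: fixed part + per-site part.
FORMULA_VAULT = ["Tr0ub4dor!amazon", "Tr0ub4dor!paypal", "Tr0ub4dor!github"]

if __name__ == "__main__":
    print("formula vault shares:", shared_affixes(FORMULA_VAULT))
    vault = [random_password() for _ in FORMULA_VAULT]
    print("random vault shares: ", shared_affixes(vault))
    print("bits per 16-char password: %.1f" % entropy_bits())
```

Run it against an export of your own vault (kept offline) to see whether a formula is visible across entries.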
Must be why the goats were acting stranger than normal this morning.
My FR password is the one given 20 years ago. But Password it is..wait maybe caps P?
joke's on them, i have a different password for every site using a formula
lol- thanks for the tip- i’ll use that one- just don't tell anyone please
p
Use an impossible to guess password.
JoeBidenMensaMember2024
“changing now to “password2””
Oh, come on. Use a little creativity. Pick something they will never guess. Like...drowssap2.
MySpace 360 million???
I’ll change my FR password to “Hang the B*st*rd!”
what's a drowssap lol
I tried out the recommended Cybernews “checker”, and like all such checkers I’ve tried they claim in my case 13 compromises, but don’t tell me WHAT accounts were compromised ... most checkers want money to provide that information, but Cybernews did not, which tells me that none of them probably know exactly WHICH accounts were compromised ... so the whole thing is pretty much a scam, and much like a blood test that says you have cancer, but not what kind of cancer or where ...
Password backwards.
Passw0rd3
ah thanks- now i see it
I have a state of the art device for holding all my passwords and it’s 100% hack proof. It is called a Daytimer!! Been using one my entire career and it sits at my desk in my home office and hasn’t been hacked yet.
I use LastPass. Cloud backed up (fully encrypted) and they don’t even know your unencrypted master password. For a small fee you can use it across all your devices and they sync.