Sun. Dec 22nd, 2024
Occasional Digest - a story for you

HACKERS have accumulated a colossal database containing almost 10 billion leaked passwords, according to experts.

Cyber criminals claim to have a massive treasure trove of stolen details which is thought to be the largest password compilation, with new and old sensitive information.

People are still making a huge error: re-using passwords. Credit: Getty

Perpetrators were boasting in a criminal forum last week about the 9,948,575,739 unique passwords they had obtained.

And security researchers have warned the massive leak poses “severe dangers to users prone to reusing passwords”.

The worrying haul has been dubbed RockYou2024.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” CyberNews said.

“Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.”

Credential stuffing is when a bad actor uses leaked passwords on other popular websites in the hope that you’ve reused the same one.

This means they can break into anything from social media to bank accounts without needing to break through the website’s security systems.

It’s one of the reasons why experts repeatedly say people should never re-use their passwords.

“Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset,” CyberNews researchers explained.

“Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts.”

Hackers pulled off the ruse by scouring the internet for data leaks, adding an extra 1.5 billion passwords to the data they had already gathered and bragged about between 2021 and 2024.

How to stay safe online

There are some ways people can avoid password disaster.

The most obvious change is to immediately reset passwords, especially for any accounts associated with a leak.

A strong, unique password is a must – and don’t use the same password again for a different website or app.

The UK’s National Cyber Security Centre (NCSC) recommends combining three random words to create a password that’s long and strong enough.

Password manager apps can also be helpful.

Experts also urge people to switch on multi-factor authentication (MFA) if possible.

This solution requires an extra bit of verification beyond a password, such as emailing you a code.

Common password mistakes

In 2019, the National Cyber Security Centre (NCSC) compiled 20 of the most common passwords around.

Common passwords are easy for cyber thieves to guess, so if you’re using one of these you should change it right now.

  • 123456
  • 123456789
  • qwerty
  • password
  • 1111111
  • 12345678
  • abc123
  • 1234567
  • password1
  • 12345
  • 1234567890
  • 123123
  • 000000
  • Iloveyou
  • 1234
  • 1q2w3e4r5t
  • Qwertyuiop
  • 123
  • Monkey
  • Dragon

Names, favourite football teams, musicians and fictional characters are also very popular and therefore easy to guess.

The best sort of password is long and easy to remember – so the NCSC suggests using three random words strung together.

Of course, you shouldn’t recycle passwords on various platforms either. Should a hacker gain access to one, they could then go on to access your other accounts.

So use a password manager to securely keep track of them all – Google Chrome and Safari can store these for you.