Security Affairs
FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

RockYou2024 compilation containing 10 billion passwords was leaked online

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The compilation (“rockyou2024.txt”) contains 9,948,575,739 unique plaintext passwords was posted on July 4th by a user with the […]

Xsolis

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum.

The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum.

RockYou2024 Source CyberNews
RockYou2024 announcement: Source CyberNews

The compilation (“rockyou2024.txt”) contains 9,948,575,739 unique plaintext passwords was posted on July 4th by a user with the handle “ObamaCare.”

The experts believe the collection contains data from “old and new data breaches.”

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” CyberNews researchers explained.

Threat actors rely on password compilations like the RockYou2024 to carry out credential stuffing attacks and compromise users’ accounts.

The RockYou2024 compilation is an expansion of the RockYou2021 collection that was discovered in 2021.

RockYou2021 had 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches. The compilation has been named ‘RockYou2021’ by the forum user, presumably in reference to the RockYou data breach that occurred in 2009, when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text. 

Cybernews reports that attackers increased the dataset by 15% from 2021 to 2024, adding 1.5 billion passwords from various internet data leaks. The latest compilation likely contains data from over 4,000 databases collected over more than two decades, originating from the 2009 RockYou data breach that included tens of millions of social media account passwords.

Cybernews announced it will add data from RockYou2024 in the Leaked Password Checker, allowing users to check if their credentials were exposed.

“With RockYou2024, we witnessed a second record-breaking compilation leaked online in 2024. Earlier this year, Cybernews discovered the Mother of all breaches (MOAB), comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records.” concludes CyberNews.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, data breach)