Это видео недоступно.
Сожалеем об этом.
‘RockYou2024’ Password Leak Dumps 10 Billion Passwords
HTML-код
- Опубликовано: 7 июл 2024
- On July 4th, a new password dump containing nearly 10 billion unique plaintext passwords was shared on a dark web hacking forum called BreachForums. This massive data breach has been dubbed “RockYou2024” and poses serious risks for anyone who reuses passwords across multiple online accounts.
“RockYou2024” password dump is being described as the largest password compilation ever uncovered. It contains a mix of credentials stolen from various data breaches both old and new over time. The hacking group that published the dump uses the name “ObamaCare” and appeared to be making a reference to previous major password leaks like “RockYou2021”.
So we have a single file called “rockyou2024.txt” containing close to 10 billion unique passwords that have been compiled by hackers from multiple sources over an extended period. To put that number in perspective, that’s more passwords than there are people on the entire planet. And security experts are warning that these stolen credentials pose real risks if users have reused any of these passwords elsewhere.
With such a massive dataset available, there is serious concern about credential stuffing attacks. Credential stuffing involves hackers using lists of leaked usernames and passwords to systematically try and log into other accounts, betting that many users have reused those same credentials. The large scale of the RockYou2024 dump drastically increases the chances that any individual’s passwords may have been compromised.
FIND US AT
dailysecurityr...
FOLLOW US ON SOCIAL
Get updates or reach out to Get updates on our Social Media Profiles!
Twitter: / securitydailyr
Facebook: www.facebook.c...
LinkedIn: / security-daily-review
From what I can tell looking at the file, it doesn't seem to contain usernames, it's just a list of passwords. The intent would be to use it for brute force attacks, but even if you're able to try 10 passwords per second, that's still 1 billion seconds (over 30 years) to try all those passwords for a single account on a single site. If they were paired with usernames, it would be a lot more scary, but as it stands, I think the practical use of this list is limited. Even if you knew one of the passwords in that list is the one you're looking for, it would still be almost impossible to find the password you're looking for. If there's a version that does contain usernames as well, it would be a very different discussion.
probably can be useful for offline cracking
like cracking archive file passwords like winrar
@@kjyu4539 Unless you have access to a ton of computers, I think it's use would still be limited. Let's say you could test a thousand passwords per second (a fairly unrealistic target, as it usually needs to extract a file to test if the password was correct or not, which of course takes time), let's say you have the computer resources to do it, that's still almost 4 months to try all those passwords, and the password may not even be among those leaked. I think the bigger question is whether the creators of this list of passwords happen to have a version including usernames. That is where I'd be concerned.
fckkkkk