10 Billion Passwords Got Exposed In Biggest Data Breach Ever: Report

RockYou2024; a data breach that exposed nearly 10 billion passwords, heightening risks of credential stuffing and brute force attacks for users.

Punam Singh
New Update
data breach

In an unprecedented breach, nearly 10 billion passwords have been leaked online, marking the largest data haul ever. The compilation, named RockYou2024, was shared by a hacker known as ‘ObamaCare’ on a popular hacking forum, according to a report by Cyber News.


The staggering RockYou2024 dataset that contains 9,948,575,739 unique passwords is being marked as the largest in a series of extensive password leaks.  This recent leak by ‘Obamacare’ includes both newly stolen and previously compromised passwords. The data was meticulously compiled over more than a decade. And, the researchers at Cyber News who have analyzed the dataset have confirmed that this is the third and most expansive compilation of its kind.

This isn’t the first time ‘ObamaCare’ has posted stolen data online. Previous leaks include employee databases from the law firm Simmons & Simmons, data from the online casino AskGamblers, and applications for Rowan College in New Jersey.

Such a vast database of passwords significantly heightens the risk of credential stuffing and brute force attacks. Credential stuffing involves using stolen passwords from one account to gain unauthorized access to other accounts, exploiting the common practice of password reuse. Brute force attacks involve systematically guessing passwords to breach accounts.

Cyber News researchers have warned that the RockYou2024 dataset can be used to target everything from online services to internet-facing cameras and industrial hardware. When combined with other leaked databases containing user email addresses and credentials, this dataset could trigger a cascade of data breaches, financial fraud, and identity theft.

The RockYou2024 password leak represents a significant threat in the cybersecurity landscape. With nearly 10 billion passwords exposed, the potential for widespread credential stuffing and brute force attacks is unprecedented. Users and organizations must act swiftly to mitigate the risks, employing robust security measures to safeguard their digital identities.