Cybernews reports that more than 9.948 million unique plaintext passwords from around the world have been exposed by the threat actor dubbed "ObamaCare" as part of the "rockyou2024.txt" file, which is now hailed as the largest password compilation.
Such a leak contained credentials from old and new data breaches, with attackers including an additional 1.5 billion passwords since the last release of the password compilation in 2021, which were an expansion of a database first identified in 2009, according to Cybernews researchers, who warned the possible exploitation of the compilation to facilitate brute-force attacks and widespread online account compromise.
"Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts," said researchers, who urged organizations and individuals to promptly reset impacted credentials, activate multi-factor authentication, and leverage password managers.
