Few days ago A text file called rockyou2024.txt appeared on the dark web. But no, it has no relation to either Scorpions (Rock You Like A Hurricane) or Queen (We Will Rock You). To understand this better, we need to go to what is generally considered to be the second meaning of the term, which has to do with impact, surprise, shock, i.e. performing an action that generates a significant impact on a person (or many).

And what did the creator (or creators) of RockYou2024 do to create such an impact? The truth is, since we read in Cybernews, they are not lagging behind. rockyou2024.txt contains nearly 10 billion passwords in plain text. The specific number, if you want to know, is 9,948,575,739 unique credentials, a number that makes it the largest collection of passwords seen in the entire history of cybercrime.

After subjecting its contents to analysis, there are several conclusions that researchers have drawn. The first is that these are real credentials (although they have not been fully tested, of course) and the second, one of the most remarkable, is that they include both keys that have already been obtained in previous leaks, as well as others that have not been seen. light (or at least not detected). The file has a creation date of July 4th and its author, identified on the forum where he shared it by the pseudonym ObamaCare, previously leaked employee databases of the law firm Simmons & Simmons, information from online casino AskGamblers, and student applications at Rowan College.

The most knowledgeable in cybersecurity matters will certainly not find this name completely strange, and that’s why Three years ago, a document called RockYou2021.txt was leaked which also became the largest list of leaked credentials recorded up to that time. This document contained approximately 8.4 billion keys, which are also present in RockYou2024, so this implies that just over 1.5 billion leaked credentials have been added over the past three years.

Using an insecure password is a huge risk, as we are often reminded on a regular basis, but the truth is this Using a secure password at this time does not guarantee that our accounts will not be compromised.. Unfortunately, the effectiveness of cybercriminals and in some cases the apathy of those responsible for the security of some services has made relying on the key alone completely inadequate at the moment.

Some tech companies have been working on Passkey for years, a system that aims to put an end to passwords as an authentication method, and fortunately, its use has already begun to be implemented. At the moment, not as quickly and as universally as we would like, but at least the change is already underway. In the meantime, it’s the safest use two-factor authentication systemswhich are present much more generally and substantially increase the level of security.

To this we must also add two basic recommendations, which, however, are sometimes ignored. The first is, and we’ve said it many times, do not repeat the same set of username/email and password in more than one service. And the second is to use features like the one integrated into Google Chrome’s password manager, which cross-references our credentials with those that appeared in the leaks and alerts us if one has been compromised so we can change it immediately. This is the most reliable method to check if any of your passwords have been exposed on RockYou2024