home.social

#rockyou2024 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #rockyou2024, aggregated by home.social.

  1. 🎙️ Episode 338 of the @sharedsecurity podcast is here!

    We're covering the recent Authy breach and its impact, as well as the RockYou 2024 password leak. Don't miss out on critical information to keep your accounts safe!

    Listen and subscribe on your favorite podcast app:

    sharedsecurity.net/subscribe
    sharedsecurity.net/2024/07/15/

    Watch on YouTube:
    youtu.be/28A0buGYycQ

    #passwords #cybersecurity #rockyou2024

  2. Aaaand another 100 million hashes for pwcheck.gwdg.de/

    And no, this is not related to the #rockyou2024 collection, which is 98% junk and not worth the storage space.

  3. #RockYou2024: 10 billion #passwords leaked in the largest compilation of all time
    “In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers said.
    cybernews.com/security/rockyou

  4. #RockYou2024: Probably the largest #Passwort #Leak (password leak) to date - #Achtung (attention) to everyone who reuses their #Passwörter (passwords) or uses the same password for the same service! #CredentialStuffing

    "Most likely, the latest RockYou version contains information from over 4,000 databases collected over more than two decades. Many more data leaks are to be expected in the future."

    tarnkappe.info/artikel/cyberan

  5. @legion303 Here we go, #rockyou2024 is already on archive.org...
    https[:]//archive.org/details/kikTXNL6MvX6ZpRXM

  6. If you see scary headlines this week about a new massive password leak: ignore them. It's old leftovers in new packaging.

    But as usual: register your email address at haveibeenpwned.com/ so that you get a notification when your email address turns up in NEW password leaks.

    #RockYou2024

  7. AFAICT, the #RockYou2024 “leak” is just a compilation of passwords in use (not name/pass combos). But:

    1. If your app allows a hacker to make 10bn login attempts unchallenged, you have a problem that isn’t made worse by RockYou2024.

    2. Unclear if RockYou2024 contains data on the FREQUENCY with which each password is used. If it doesn’t, it's less useful than a much SMALLER list that tells you WHICH passwords to try first.

    3. Much as I hate it, MFA works.

    cybernews.com/security/rockyou

    #security

  8. The #RockYou2024 leak could give hackers a huge upper hand.

    Cybersecurity researchers are calling it the largest password compilation leak of all time.

    On July 4, a newly registered user on a popular hacking forum posted a file containing nearly
    🔸 10 billion compromised passwords in plaintext. 🔸
    The post was first noticed by researchers at Cybernews.

    Hackers commonly use automated scripts when carrying out a brute force attack, which enables them to try out a slew of passwords within a short period of time.

    With a leaked password database this big, hackers have a nearly unlimited pool of passwords to try. 

    The RockYou2024 leaked password list is new, so at the time of this writing, it's unclear if any private data has been compromised as a direct result of this compilation.

    Anyone signed up to any service online should assume that a password that they use is on this list. Cybersecurity researchers recommend that users update their passwords and enable multi-factor authentication wherever possible.

    mashable.com/article/rockyou20

  9. CW: The RockYou2024 compilation (9.95B strings) is so junky that most password crackers are better off just using Hashmob's founds list instead.

    The junk includes:

    • 453M 32-hex hashes
    • 444M digits-only strings of length 8-11 (easily bruteforced)
    • 415M lower-digit or digit-lower strings that are clearly just wordlist words with all possible 4-digit strings appended or prepended
    • 287M of length 6 or less (easily bruteforced)
    • 201M 40-hex hashes
    • 138M bcrypt hashes (plus 15M truncated bcrypts)
    • 71M strings more than 100 characters
    • 51M 96-hex hashes
    • 50M Houzz __SEC__ (modified sha512crypt) hashes
    • 18M encrypted + base64 passwords from the 2013 Adobe leak (credit: Flagg)
    • 12M 32-hex prefixed with '0x'
    • 11M Google auth tokens (ya29 prefix)
    • 7M with at least 20 contiguous hex chars
    • 6.6M 128-hex hashes
    • 160K argon2 hashes

    ("Easily bruteforced" means that competent attackers are going to run the equivalent hybrid or bruteforce attack anyway much faster on GPU. All these naively-generated strings do is waste attack time ... and inflate the scary size of the compilation 🙄)

    If you remove all of this junk (that's useless for directly cracking a human-generated password), all of the RockYou2021 mashup (which was itself similarly problematic), and all founds already available on Hashmob (1.2B) ...

    ... you're left with only 190M strings that are "net new, maybe useful".

    So if you're a pentester or other "normal" password cracker, you can probably just skip RockYou2024. It's only going to be useful if you're a completionist who's trying to crack other mashups (like the long tail of junk in the Pwned Passwords corpus, etc.)

    [will update post as I find more non-trivial junk]

    #PasswordCracking #RockYou2024
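A small triage filter, added here as an example and not part of the post above or of any project it mentions: it tags each line of a compiled wordlist with the junk categories the post lists (hex digests, bcrypt and argon2 hashes, 8 to 11 digit strings, ya29 tokens, and so on) so a defender can measure how much of such a compilation is actually human-chosen passwords before feeding it into a password-policy denylist. The `__SEC__` substring for the Houzz hashes and the word-plus-four-digits pattern are assumptions drawn from the post's wording, not the post's own method.

```python
import re
from collections import Counter

# Ordered (label, regex) rules built from the junk categories the post lists.
# Hash formats are tested before the length rules so that a 128-hex digest is
# counted as a hash rather than as a ">100 chars" string. The "__SEC__" marker
# and the word+4-digits pattern are heuristics assumed from the post's wording.
H = r"[0-9a-fA-F]"
RULES = [
    ("bcrypt", re.compile(r"^\$2[abxy]\$\d{2}\$.{53}$")),
    ("bcrypt_truncated", re.compile(r"^\$2[abxy]\$\d{2}\$.{0,52}$")),
    ("argon2", re.compile(r"^\$argon2(?:id|i|d)\$")),
    ("hex_0x32", re.compile(rf"^0x{H}{{32}}$")),
    ("hex_32", re.compile(rf"^{H}{{32}}$")),
    ("hex_40", re.compile(rf"^{H}{{40}}$")),
    ("hex_96", re.compile(rf"^{H}{{96}}$")),
    ("hex_128", re.compile(rf"^{H}{{128}}$")),
    ("google_token", re.compile(r"^ya29\.")),
    ("houzz_sec", re.compile(r"__SEC__")),
    ("hex_run_20", re.compile(rf"{H}{{20,}}")),
    ("digits_8_11", re.compile(r"^\d{8,11}$")),
    ("word_plus_4digits", re.compile(r"^(?:[a-z]+\d{4}|\d{4}[a-z]+)$")),
]


def classify(line: str) -> str:
    """Return the junk category of one wordlist entry, or 'keep'."""
    for label, rx in RULES:
        if rx.search(line):
            return label
    if len(line) <= 6:
        return "len_le_6"
    if len(line) > 100:
        return "len_gt_100"
    return "keep"


def triage(lines):
    """Count entries per category; return (Counter, list of kept entries)."""
    counts, kept = Counter(), []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:  # skip blank lines rather than counting them as junk
            continue
        label = classify(line)
        counts[label] += 1
        if label == "keep":
            kept.append(line)
    return counts, kept
```

triage() accepts any iterable of lines, so an open wordlist file works directly; the kept list is the "net new, maybe useful" remainder the post describes, before deduplication against other corpora.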

  10. Wow... #RockYou2024 is definitely gonna rock some houses in a pretty bad way. Still digging into it, but folks - please keep your head on a swivel and start to change passwords, NOW. Don't wait for results. Frequently changing passwords is good practice anyhow, so change everything as you're able as a practice and you'll be safer from the starting line. Make it a habit. #cybersec #technology #security

  11. #RockYou2024 doesn't contain any passwords that haven't already been leaked (as far as I know). It does draw a bit more attention to those passwords, but all of them have already been compromised. The overall threat level hasn't changed much.

    What would change the situation is a compact, high quality list of passwords that can be used for online attacks. High quality in this context means, for example, that the passwords are not already inadmissible due to basic password rules.

    3/4 🧵

  12. Of course, we have more computing power today than we did a few years ago, so using bigger lists is possible. But we also have enough computing power that we don't really need password lists for passwords shorter than 10 characters. #RockYou2024 doesn't really change anything there.

    And also the strategy for defending against attacks doesn't really change either: Use (reasonably) long randomly generated passwords. That was the right advice last month, and it is the right advice today.

    2/4 🧵

  13. I saw a lot of posts declaring #RockYou2024 a whole new threat level, giving hackers somehow the upper hand.

    I think this comes from a misplaced belief that bigger is better, but the whole idea of password lists is to focus on a small subset of all possible passwords. Making the list bigger doesn't necessarily make it better, but it does make it less helpful.

    1/4 🧵