We can be certain that the RockYou2024 leak will be overshadowed promptly, but for now, it holds valuable lessons in cybersecurity.
Recently, a wave of attacks targeting firms such as Santander, Ticketmaster and QuoteWizard was deemed to have stemmed from credential stuffing attacks on their cloud service provider.
Data from such breaches is valuable to hackers, who automate the process of ‘stuffing’ the credentials into login pages in the hope of successfully compromising user accounts.
This month, on the symbolic date of July 4, a hacking forum was found to have featured a password dump containing 9,948,575,739 unique plaintext passwords up for grabs. This appeared to be an updated version of the “RockYou2021” data leak (8.4bn passwords) that had surfaced back in June 2021. The dump file now contains 1.5bn new and unique passwords — considered to be the largest leak in history thus far.
According to Satnam Narang, Senior Staff Research Engineer at Tenable, data breaches have become commonplace today, and the ‘RockYou2024’ collection of passwords is just one of the most recent examples of combining data from disparate breaches to create a single list of login credentials (username and password combinations).
“We can’t put the blame on users’ shoulders, because the prevalence of many different apps and services requires them to create accounts, and it’s simply easier to use the same password. This is where services like password managers can be extremely beneficial to users. Users only have to remember a single password that controls their password manager account,” Narang said.
Meanwhile, since password managers have also become untenable due to cyberattacks, internet users may choose to gravitate to multimodal forms of login authentication offered by their financial institutions. These can include a combination of on-device biometric verification, passkeys, passwordless authentication, and the use of various bank-specific features to restrict accounts from suspicious/alertable changes attempted in a malicious account takeover.
According to public advice offered by McAfee experts, sometimes we may not even be aware of fraudulent activities in our accounts. In this case, we need to scrutinize every transaction in bank statements and similar logs regularly, or use a credit monitoring service.