9,948,575,739 Reasons To Change Your Passwords Now

K&L Gates


Cybernews has reported on its researchers' discovery of what could be the largest leaked password compilation of all time, with a record 9,948,575,739 plaintext passwords in a file called "rockyou2024.txt" (see article).

This compilation is made up of both new and old passwords, appearing to add a further 1.5 billion passwords to the 8.4 billion passwords released under "RockYou2021" three years ago.

There is concern that the compilation substantially heightens the risk of credential stuffing attacks – essentially using brute force to try many different password combinations to gain access to online accounts belonging to individuals whose passwords appear in the dataset.

Cybernews' team believes the compilation allows attackers to target any system that isn't protected against brute-force attacks, including everything from online and offline services to internet-facing cameras and industrial hardware. Most websites are protected from brute-force attacks, but stolen devices are at risk.

This may also allow other attackers to reverse engineer other leaked data from breaches. If a password appears in a different breach that also includes user details, hackers could specifically target those individuals.

The news isn't necessarily dire, with other security experts stating "there comes a point where the magnitude of this aggregated data becomes next to useless due to its vast size" (see article).

Nevertheless, it is essential to implement protection against such attacks.

How can you protect your business?

  • Have a password policy that requires employees to update their passwords at regular intervals and only allows strong and unique passwords;
  • Use a password manager to securely generate and store passwords;
  • Enable Two-Factor Authentication on devices;
  • Ensure privacy awareness across your organisation so that employees stay vigilant about phishing attacks, including upfront and ongoing training; and
  • Regularly monitor financial statements for any suspicious and unauthorised transactions.

Have a Data Breach Plan and keep it up to date because despite all of the above, things can still go wrong.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
