#rockyou2024

mkj<p><span class="h-card" translate="no"><a href="https://tenforward.social/@bobbensonbill" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bobbensonbill</span></a></span> "[the poster] claims they used that older list [which had around 8.4 billion passwords] and updated it with newer password leak data from over the past three years"</p><p>So it's a compilation of, to a very large extent, preexisting data.</p><p>Not saying having it all in one place doesn't make it more convenient for an adversary, but the "nearly 10 billion credentials" is overselling this one by just a bit.</p><p><a href="https://social.mkj.earth/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a> <a href="https://social.mkj.earth/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.mkj.earth/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
pablolarah<p>🟥RockYou2024: 10 billion passwords leaked in the largest compilation of all time<br>by Vilius Petkauskas<br>@MrVilius at @CyberNews <br><a href="https://mastodon.social/tags/PasswordsLeaked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordsLeaked</span></a> <a href="https://mastodon.social/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a> </p><p><a href="https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybernews.com/security/rockyou</span><span class="invisible">2024-largest-password-compilation-leak/</span></a></p>
SecuriLee🇨🇭<p><a href="https://infosec.exchange/tags/rockyou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rockyou2024</span></a> is a mess. Duplication, hashed and clear-text passwords. No context, no credentials. It's not even possible to use it as a cred-stuffing source.</p><p>💩 </p><p><a href="https://ciso.pm/rockyou2024-its-a-mess/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso.pm/rockyou2024-its-a-mess</span><span class="invisible">/</span></a></p>
Benjamin Carr, Ph.D. 👨🏻‍💻🧬<p><a href="https://hachyderm.io/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a>: 10 billion <a href="https://hachyderm.io/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> leaked in the largest compilation of all time<br>“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers said. <br><a href="https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybernews.com/security/rockyou</span><span class="invisible">2024-largest-password-compilation-leak/</span></a></p>
securityaffairs<p><a href="https://infosec.exchange/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a> compilation containing 10 billion passwords was leaked online <br><a href="https://securityaffairs.com/165460/data-breach/rockyou2024-compilation-10b-passwords.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/165460/dat</span><span class="invisible">a-breach/rockyou2024-compilation-10b-passwords.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
Prof. Dr. Dennis-Kenji Kipker<p><a href="https://chaos.social/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a>: Probably the largest <a href="https://chaos.social/tags/Passwort" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://chaos.social/tags/Leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>leak</span></a> to date - <a href="https://chaos.social/tags/Achtung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>warning</span></a> to everyone who reuses their <a href="https://chaos.social/tags/Passw%C3%B6rter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> or uses the same password for the same service! <a href="https://chaos.social/tags/CredentialStuffing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CredentialStuffing</span></a></p><p>"Most likely, the latest RockYou version contains information from more than 4,000 databases that have been collected over more than two decades. Many more data leaks are to be expected in the future."</p><p><a href="https://tarnkappe.info/artikel/cyberangriffe/rockyou2024-99-milliarden-passwoerter-geleakt-298293.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tarnkappe.info/artikel/cyberan</span><span class="invisible">griffe/rockyou2024-99-milliarden-passwoerter-geleakt-298293.html</span></a></p>
Xavier Ashe :donor:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@legion303" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>legion303</span></a></span> Here we go, <a href="https://infosec.exchange/tags/rockyou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rockyou2024</span></a> is already on archive.org... <br>https[:]//archive.org/details/kikTXNL6MvX6ZpRXM</p>
spamnation<p>AFAICT, the <a href="https://noc.social/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a> “leak” is just a compilation of passwords in use (not name/pass combos). But:</p><p>1. If your app allows a hacker to make 10bn login attempts unchallenged, you have a problem that isn’t made worse by RockYou2024.</p><p>2. Unclear if RockYou2024 contains data on the FREQUENCY with which each password is used. If it doesn’t, it's less useful than a much SMALLER list that tells you WHICH passwords to try first.</p><p>3. Much as I hate it, MFA works.</p><p><a href="https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybernews.com/security/rockyou</span><span class="invisible">2024-largest-password-compilation-leak/</span></a></p><p><a href="https://noc.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Chuck Darwin<p>The <a href="https://c.im/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a> leak could give hackers a huge upper hand.</p><p>Cybersecurity researchers are calling it the largest password compilation leak of all time.</p><p>On July 4, a newly registered user on a popular hacking forum posted a file containing nearly<br>🔸 10 billion compromised passwords in plaintext. 🔸<br>The post was first noticed by researchers at Cybernews.</p><p>Hackers commonly use automated scripts when carrying out a brute force attack, which enables them to try out a slew of passwords within a short period of time. </p><p>With a leaked password database this big, hackers have a nearly unlimited pool of passwords to try.&nbsp;</p><p>The RockYou2024 leaked password list is new, so at the time of this writing, it's unclear if any private data has been compromised as a direct result of this compilation.</p><p>Anyone signed up to any service online should assume that a password that they use is on this list. Cybersecurity researchers recommend that users update their passwords and enable multi-factor authentication wherever possible.</p><p><a href="https://mashable.com/article/rockyou2024-leaked-password-database" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mashable.com/article/rockyou20</span><span class="invisible">24-leaked-password-database</span></a></p>
Royce Williams<p>The junk includes:</p><ul><li>453M 32-hex hashes</li><li>444M digits-only strings of length 8-11 (easily bruteforced)</li><li>415M lower-digit or digit-lower strings that are clearly just wordlist words with all possible 4-digit strings appended or prepended</li><li>287M of length 6 or less (easily bruteforced)</li><li>201M 40-hex hashes</li><li>138M bcrypt hashes (plus 15M truncated bcrypts)</li><li>71M strings more than 100 characters</li><li>51M 96-hex hashes</li><li>50M Houzz <code>__SEC__</code> (modified sha512crypt) hashes</li><li>18M encrypted + base64 passwords from the 2013 Adobe leak (credit: Flagg)</li><li>12M 32-hex prefixed with '0x'</li><li>11M Google auth tokens (ya29 prefix)</li><li>7M with at least 20 contiguous hex chars</li><li>6.6M 128-hex hashes</li><li>160K argon2 hashes</li></ul><p>("Easily bruteforced" means that competent attackers are going to run the equivalent hybrid or bruteforce attack anyway much faster on GPU. All these naively-generated strings do is waste attack time ... and inflate the scary size of the compilation 🙄) </p><p>If you remove all of this junk (that's useless for directly cracking a human-generated password), all of the RockYou2021 mashup (which was itself similarly problematic), and all founds already available on Hashmob (1.2B) ...</p><p>... you're left with only <strong>190M</strong> strings that are "net new, maybe useful".</p><p>So if you're a pentester or other "normal" password cracker, you can probably just skip RockYou2024. 
It's only going to be useful if you're a completionist who's trying to crack other mashups (like the long tail of junk in the Pwned Passwords corpus, etc.)</p><p>[will update post as I find more non-trivial junk]</p><p><a href="https://infosec.exchange/tags/PasswordCracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordCracking</span></a> <a href="https://infosec.exchange/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a></p>
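<p>Added example, not part of the post above and not its author's code: a Python triage pass that applies the junk categories listed in that post to a wordlist, for instance before loading a compilation into a banned-password check. The regexes, the <code>family_threshold</code> heuristic for the word-plus-4-digits case and the sample strings are assumptions constructed for illustration; the Adobe category is not covered.</p>

```python
import re
from collections import Counter

HEX = re.compile(r"[0-9a-fA-F]+")
RULES = [  # (label, predicate), checked in order; first match wins
    ("houzz_sec",        lambda s: s.startswith("__SEC__")),
    ("google_token",     lambda s: s.startswith("ya29")),
    ("bcrypt",           re.compile(r"\$2[abxy]?\$\d\d\$[./A-Za-z0-9]{53}").fullmatch),
    ("bcrypt_truncated", re.compile(r"\$2[abxy]?\$\d\d\$[./A-Za-z0-9]{0,52}").fullmatch),
    ("argon2",           re.compile(r"\$argon2(?:id|i|d)\$").match),
    ("hex32_0x",         re.compile(r"0x[0-9a-fA-F]{32}").fullmatch),
    ("hex_hash",         lambda s: len(s) in (32, 40, 96, 128) and HEX.fullmatch(s)),
    ("over_100_chars",   lambda s: len(s) > 100),
    ("hex_run_20",       re.compile(r"[0-9a-fA-F]{20}").search),
    ("digits_8_11",      re.compile(r"\d{8,11}").fullmatch),
    ("len_le_6",         lambda s: len(s) <= 6),
]
AFFIX = re.compile(r"([a-z]+)\d{4}|\d{4}([a-z]+)")  # word+4 digits or 4 digits+word

def classify(s):
    """Return the junk label for one string, or None if no per-string rule fires."""
    for label, pred in RULES:
        if pred(s):
            return label
    return None

def affix_base(s):
    m = AFFIX.fullmatch(s)
    return (m.group(1) or m.group(2)) if m else None

def triage(lines, family_threshold=1000):
    """Dedupe, then split into (kept, junk_counts). A word+4-digit string is junk only
    when its base word occurs with >= family_threshold affixes (machine-generated)."""
    entries = list(dict.fromkeys(l.rstrip("\n") for l in lines))
    families = Counter(b for b in map(affix_base, entries) if b)
    kept, junk = [], Counter()
    for s in entries:
        label = classify(s)
        if label is None and families[affix_base(s)] >= family_threshold:
            label = "word_plus_4_digits"
        if label:
            junk[label] += 1
        else:
            kept.append(s)
    return kept, junk

# Constructed sample input; none of these strings come from the real compilation.
SAMPLE = ["ab" * 16, "0x" + "ab" * 16, "0123456789" * 4, "$2b$12$" + "a" * 53,
          "$2b$12$" + "a" * 20, "$argon2id$v=19$m=65536,t=3,p=4$c2FsdA$aGFzaA",
          "__SEC__" + "x" * 10, "ya29." + "A" * 30, "x" * 101, "user-" + "deadbeef" * 3,
          "0791234567", "abc12", "abc12", *[f"dragon{i:04d}" for i in range(50)],
          "summer2024", "correct horse battery staple", "Tr0ub4dor&3"]
```

<p>Calling <code>triage(SAMPLE, family_threshold=50)</code> flags the generated <code>dragon0000</code>..<code>dragon0049</code> family while keeping the lone <code>summer2024</code>, which a plain word-plus-digits regex would have discarded.</p>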
Adam John<p>Wow... <a href="https://mysocial.community/tags/RockYou2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockYou2024</span></a> is definitely gonna rock some houses in a pretty bad way. Still digging into it, but folks - please keep your head on a swivel and start to change passwords, NOW. Don't wait for results. Frequently changing passwords is good practice anyhow, so change everything as you're able as a practice and you'll be safer from the starting line. Make it a habit. <a href="https://mysocial.community/tags/cybersec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersec</span></a> <a href="https://mysocial.community/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a> <a href="https://mysocial.community/tags/secuity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secuity</span></a></p>