A record-breaking collection of stolen passwords has been uploaded to a well-known crime forum, posing significant cybersecurity threats worldwide. The database, named RockYou2024, contains nearly 10 billion unique passwords, according to cybersecurity researchers. The hacker, operating under the pseudonym 'ObamaCare', allegedly gathered these passwords from numerous data breaches and hacks over several years.

Security experts from Cybernews reported the discovery of the RockYou2024 password database on the BreachForums criminal underground forum. The database includes 9.95 billion unique passwords in plaintext format. This compilation builds upon the RockYou 2021 database, which contained 8.4 billion passwords, incorporating approximately 1.5 billion new entries from 2021 to 2024. The latest file is said to contain passwords from 4,000 significant databases of stolen credentials, covering over two decades.

The researchers from Cybernews explained that the RockYou2024 leak is a compilation of real-world passwords used by individuals worldwide, significantly increasing the risk of credential stuffing attacks.Earlier in 2021, Cybernews team published a story about the RockYou2021 password compilation, the largest at the time, with 8.4 billion plaintext passwords. The RockYou2021 compilation, an expansion of a data breach from 2009, included tens of millions of user passwords for social media accounts. 

Despite the vast volume of the RockYou2024 leak, some cybersecurity experts have raised concerns about the data's integrity. Some researchers suggest that much of the data may be of little use to cybercriminals. In response, Cybernews stated that their researchers had verified around 30 GB of the data and found a 100% match with part of the RockYou dataset. However, they did not thoroughly investigate all the datasets.

Cybernews clarified that their aim is to inform the public about potential risks, not to provide the dataset to threat actors.

The Cybernews team believes that attackers can utilize the ten-billion-strong RockYou2024 compilation to target any system that isn't protected against brute-force attacks. This includes everything from online and offline services to internet-facing cameras and industrial hardware.