RockYou2024: Almost 10 billion passwords are now exposed in the most significant leak of all time

The leak contains old and new passwords from the same users, so your password might be there.

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more


In the biggest gathering of stolen passwords known to date, specialists from Cybernews unexpectedly found an astonishing collection containing almost 10 billion passwords on a famous hacking forum called RockYou2024. The one who uploaded this troubling file, identified as “ObamaCare,” has gathered a big collection of rare plaintext passwords. This individual sets a new standard for cyber dangers, consolidating data from previous and current breaches.

It’s a warning for all. If you use the same passwords on different platforms, this is the time to reconsider your safety methods. A large amount of revealed passwords greatly increases the danger of credential-stuffing attacks. These attacks take advantage of the usual practice of using one password for many accounts, which lets hackers get into several platforms with only a single set of login details.

But here’s the thing: The RockYou2024 database is a blend of new and old passwords, which means that there’s a high chance one of your passwords is present in it. As cybercriminals keep looking for ways to break into accounts using these login credentials, the danger becomes very imminent indeed.

So, what do we all have to do at this point? Change the passwords. If you find your password in the leak (although we don’t recommend downloading the file, as it is over 50GB) or think it may be weak, modify it to something robust and distinctive. Also, make sure you are not using identical passwords for multiple services.

You might also want to try multi-factor authentication, and on Windows 11, it is quite easy to enable it. Using more than one method can lower the chance of someone getting into your accounts without permission. Do not forget password managers, either. These are useful tools for managing your passwords and ensuring each one is strong enough. Edge’s password monitor is handy here, as it shows you when your passwords are found in online leaks – you’ll just need to enable the option.

The RockYou2024 leak is definitely scary, and chances are your password, or ours, for that matter, might be on that list. There are around 10 billion (9,948,575,739, to be more specific) passwords, making the danger very real. Yet, with proper measures, you can protect your digital life from these constantly changing cyber dangers.

More about the topics: Cybersecurity, microsoft