July 8th – Cyber security researchers have observed the existence of 9.94 million plaintext passwords on a popular dark web site.
The cyber criminal responsible for the breach goes by the moniker ‘ObamaCare,’ and has a reputation for sharing sensitive information that’s been stolen through cyber breaches.
More information
Wrote the ObamaCare hacker, “Xmas came early this year. I present to you a new rockyou2024 password list with over 9.9 billion passwords!”
The passwords are from a number of different database-focused cyber breaches. Information was collected from as many as 4,000 databases over the course of more than 20 years.
Experts are concerned that this particular publicly available password complication puts affected users at risk of brute force attacks (such as credential stuffing).
In October of last year, the DNA testing firm 23andMe contended with a credential stuffing campaign that affected nearly 7 million individuals.
What else
Some researchers have noted that this may be the largest password leak ever. Mashable writes that “Anyone signed up to any service online should assume that a password that they use is on this list.”
As a result, users are advised to update their passwords and to enable multi-factor authentication on relevant accounts.
Get more information here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.