Hackers Now Have Access to 10 Billion Stolen Passwords

Condobloke, Well-Known Member, joined Apr 30, 2017
 


Ten billion seems like quite a lot, and computer users may feel tempted to download the file with the contents, apparently named: rockyou2024.txt. A brief hunt online suggested it's a 45GB download which decompresses to 145GB.

However, consider passwords made up just of alphabet characters a to z, that is, 26 lower-case characters. To calculate all unique combinations, one can use factorial 26. Factorial 26 equals:
403291461126605635584000000
calculated on the factorial calculator here:

That calculation, apart from being much greater than billions and only containing lower-case alphabet characters, would yield a much greater number when all the other keyboard characters are included.

None of this is to say that the rockyou2024.txt doesn't include lots of commonly used passwords, rather, that it's just a relatively small number in relation to the possible number of passwords.
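The post above sizes the space of possible passwords with 26!. The count usually used for this comparison is k^n, the number of distinct strings of length n over an alphabet of k characters. The following is an added example (not part of the thread) that computes k^n for a few assumed character sets and lengths, and shows what fraction of each space a list of ten billion distinct entries could cover at most; the alphabet sizes (26, 52, 62, 95) and the ten-billion figure are assumptions taken from standard keyboard character classes and the article's headline number.

```python
import math

# Assumed character-class sizes: lower-case, plus upper-case, plus digits,
# plus the remaining printable ASCII punctuation.
CHARSETS = {
    "lowercase": 26,
    "lower+upper": 52,
    "lower+upper+digits": 62,
    "printable ASCII": 95,
}

# Headline figure from the article: roughly ten billion unique entries.
ROCKYOU2024_ENTRIES = 10_000_000_000


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of exactly `length` characters over an alphabet."""
    return alphabet_size ** length


def keyspace_up_to(alphabet_size: int, max_length: int) -> int:
    """Number of distinct strings of length 1..max_length (sum of a geometric series)."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def coverage(list_size: int, alphabet_size: int, length: int) -> float:
    """Largest fraction of the length-n keyspace a list of list_size distinct entries can cover."""
    return min(1.0, list_size / keyspace(alphabet_size, length))


def min_length_exceeding(alphabet_size: int, target: int) -> int:
    """Smallest length n at which alphabet_size**n is larger than `target`."""
    n = 1
    while alphabet_size ** n <= target:
        n += 1
    return n


def main() -> None:
    # The figure quoted in the post, for side-by-side comparison.
    print(f"26! = {math.factorial(26)}")
    print(f"list size = {ROCKYOU2024_ENTRIES}\n")
    for name, k in CHARSETS.items():
        n = min_length_exceeding(k, ROCKYOU2024_ENTRIES)
        print(f"{name:>20} (k={k}): {k}^{n} = {keyspace(k, n)} > list size at length {n}")
        for length in (6, 8, 12):
            print(f"{'':>20}   length {length:>2}: keyspace {keyspace(k, length):e}, "
                  f"max coverage {coverage(ROCKYOU2024_ENTRIES, k, length):.2e}")


if __name__ == "__main__":
    main()
```

Running it shows that the list is larger than the whole space of 7-character lower-case strings but covers under five percent of 8-character lower-case strings and a negligible fraction of 12-character mixed strings; the value of such a list lies in the passwords people actually chose, not in exhausting any keyspace.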
 
It's not clear to me if they're talking about a gazillion passwords with the associated user account identities to which they apply or simply a gazillion raw passwords with no context that would make them useful.

If the list has records like

my_user_id my_bank_or_service my_password

then that's bad. If it has records like

my_user_id my_password

then that's bad but significantly less bad than the first one. If it just has records like

my_password

Then who the heck cares? That would be a dictionary, and those have been around for decades.
 
I guess they get their jollies by running a brute force attack using that particular dictionary, which apparently contains known/used passwords.

This would increase their chances of hitting the 'jackpot'.
 
Researchers say they found a text file, called rockyou2024.txt, containing nearly 10 billion unique passwords, all stored in plain text.
These passwords were collected over time, from various attacks and leaks over the past 20 years.
Well, if those passwords have been made public then they're not really special for brute-forcing but just another dictionary among many others that exist out there.
Over 20 years many people likely changed their passwords or closed or stopped using accounts.
It's questionable how many of those hacked accounts are worth $$, such as Steam accounts or bank accounts etc.

None of this is to say that the rockyou2024.txt doesn't include lots of commonly used passwords, rather, that it's just a relatively small number in relation to the possible number of passwords.
Right, I have 13GB of password dictionaries (compressed) on my HDD, and there are sources to at least quadruple that if I want, with no problems making it even bigger than "rockyou2024.txt", although perhaps not human-generated passwords.

Also, it's well known that any credentials that are worth $$ are sold on various hacker forums at a discount relative to their actual value, so I doubt they put those into a dictionary prior to their being depleted by a hacker or a buyer of the credentials.
 
@f33dm3bits
I know that one; my email was "pwned" once, but because I made it public, somebody here on the forums also shared a similar site to check if your password is pwned.

I would personally only use these sites if I'm about to change my password or email though regardless of the result.
 
I saw that article a few days ago. Thanks @Condobloke for sharing.
 
None of this is to say that the rockyou2024.txt doesn't include lots of commonly used passwords, rather, that it's just a relatively small number in relation to the possible number of passwords.
The passwords in that file are incredibly weak, and most modern websites don't let you use passwords like that. For example, "password" is in the file. I was interested because GitHub users got hacked and I wanted to see if it contained the main passwords I use (it didn't).
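The last post notes that modern sites refuse passwords found in such files, and an earlier reply mentions checking whether a password is "pwned". The following added example (not code from the thread or from any of the services mentioned) shows both mechanisms from the defender's side: a registration-time check that rejects any password present in a breach list, and the k-anonymity range-query pattern in which only the first five hex characters of the password's SHA-1 hash leave the client. The five-line wordlist, the "SUFFIX:COUNT" response format and the counts of 1 are constructed for the example; the server side is simulated locally.

```python
import hashlib

# Constructed stand-in for a breach wordlist such as rockyou2024.txt (one password per line).
SAMPLE_WORDLIST = """password
123456
qwerty
letmein
iloveyou
"""


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest of the password, the identifier used by the range query."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def load_breached_hashes(wordlist_text: str) -> set[str]:
    """Index a plain-text wordlist by SHA-1 so the clear-text list need not stay in memory."""
    hashes = set()
    for line in wordlist_text.splitlines():
        pw = line.rstrip("\r\n")
        if pw:
            hashes.add(sha1_hex(pw))
    return hashes


def is_breached(password: str, breached: set[str]) -> bool:
    """Exact membership test against the local breach index."""
    return sha1_hex(password) in breached


def screen_password(password: str, breached: set[str]) -> tuple[bool, str]:
    """Registration policy: anything in the breach corpus is rejected regardless of length or mix."""
    if is_breached(password, breached):
        return False, "password appears in a known breach corpus"
    return True, "ok"


def split_for_range_query(password: str) -> tuple[str, str]:
    """k-anonymity split: the 5-hex-char prefix is sent, the 35-char suffix stays on the client."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def build_range_response(prefix: str, breached: set[str]) -> str:
    """Simulated server: every suffix under the prefix as 'SUFFIX:COUNT' lines (count constructed as 1)."""
    return "\n".join(f"{h[5:]}:1" for h in sorted(breached) if h.startswith(prefix))


def suffix_count(suffix: str, response: str) -> int:
    """Client-side parse of the range response; 0 means the password was not in the corpus."""
    for line in response.splitlines():
        found, _, count = line.partition(":")
        if found == suffix:
            return int(count)
    return 0


BREACHED = load_breached_hashes(SAMPLE_WORDLIST)

if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        accepted, reason = screen_password(candidate, BREACHED)
        prefix, suffix = split_for_range_query(candidate)
        hits = suffix_count(suffix, build_range_response(prefix, BREACHED))
        print(f"{candidate!r}: accepted={accepted} ({reason}); range query sent {prefix}, hits={hits}")
```

The range-query form matters when the corpus lives elsewhere: the server only ever learns a prefix shared by many thousands of hashes, so it cannot tell which password was being checked, and the client does the final comparison locally.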
 

