A record-breaking collection of stolen passwords has just been published.
Dubbed “RockYou2024”, it is a compilation of previously published stolen passwords. Since the list was last published in 2021, around 1.5 billion additional passwords have been added, taking this latest version to a record-breaking total of 10 billion stolen passwords.
On the plus side, the set is mostly made up of previously published stolen information, so it is not really anything new.
On the downside, including all the data into one file makes it much easier for cybercriminals to use it for mass automated attacks, which increases the risks to you if you do not practice good password hygiene.
Should I be worried?
It depends on whether you practice good password hygiene or not.
If you answer “yes” to any of these questions you should consider yourself at risk:
- I have passwords that are more than 1 year old.
- I have the same password on 2 or more web sites or services.
- I update passwords by adding a number to them.
- I have not changed the factory provided password on internet-connected devices, e.g. Wi-Fi routers, security cameras, door cameras/locks, home automation systems, or any other “smart” devices.
- I don’t use Multi-Factor Authorisation, aka MFA or 2FA (read our article on what MFA is).
How can I protect myself?
Practice good password hygiene:
- Change passwords frequently.
- Never use the same password for different web sites or services.
- Make passwords as long as possible.
- Create passwords by using passphrases (4 or more words run together), or random character passwords generated by password managers.
- Never include personal details in passwords, e.g. names, birthdays, pets, addresses, etc.
- Always change the passwords on any internet-connected devices.
- Use Multi-Factor Authorisation wherever it is available.
- Using a password manager app is recommended to securely generate, store and manage passwords.