When was the last time you changed your password(s)? Chances are that you are like most people who use the same or similar passwords for all your online services. We know that we should be more vigilant and more safe, but we never get around to it and it’s too late once we are caught up in a data breach or hack.

Cybernews has reported that up to 10 billion passwords have been leaked in a single text file, enabling hackers to test the defenses of billions of online users. A brute-force attack of an 8 character password could be shortened using known passwords rather than having to churn through billions of options.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers said.

Credential stuffing attacks can be severely damaging for users and businesses. For example, a recent wave of attacks targeting Santander, Ticketmaster, Advance Auto Parts, QuoteWizard, and others was a direct result of credential stuffing attacks against the victims’ cloud service provider, Snowflake.

“Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset,” the team explained.


Protecting your Data Online

This particular file is just passwords. The passwords are not linked to specific user accounts, however they can be used in attacks to increase the chances of the hacker’s success. You know what you should be doing, but maybe this event is enough to make you change your behaviour and take the following steps:

  • Reset the passwords for all accounts as soon as possible. Experts recommend using strong, unique passwords that are not reused across multiple platforms. Adding just one extra character increases the combinations from around 209 Billion to 94 to the power of 9 (a lot).
  • Enable multi-factor authentication (MFA) wherever possible. This enhances security by requiring additional verification beyond a password. Not all sites have MFA built in, but where possible consider using it.
  • Use password manager software to securely generate and store complex passwords. Password managers mitigate the risk of password reuse across different accounts.

Designing Security into the Product from the Beginning

A combination of a username and an 8 character password just isn’t fit for purpose in the days of high speed GPUs and AI. Users should demand more of the services they use to make sure their personal data is protected. AutoSettle is using security by design principles to prioritise the security of customers as a core business requirement, rather than merely treating it as a technical feature or an afterthought.

AutoSettle is utilising the latest Digital ID technology to secure vehicle transactions and work with cybersecurity experts to design a platform that is not open to conventional attacks.