Share this article on:
“Xmas comes early this year,” says a post claiming to share one of the largest password compilations ever seen.
A member of a hacking forum known for sharing large data leaks appears to have outdone themselves after posting a compilation of nearly 10 billion unique passwords.
The user – named ObamaCare – made the post on 4 July on a popular hacking forum, sharing a file called rockyou2024.txt.
“Xmas came early this year,” ObamaCare said. “I present to you a new rockyou2024 password list with over 9.9 billion passwords.”
“I updated rockyou21 with collected new data from recent leaked databases in various forums over this and last years.”
The shared list has 9,948,575,739 passwords in all, and it appears to be a compilation of new and old leaks compiled into a single list. The file is a 45.6 gigabyte .zip archive.
ObamaCare also added that they had cracked some themselves.
“Also cracked some old ones with my new 4090,” ObamaCare said, referring to a model of high-end Nvidia graphics card. “This contains actual new real passwords from users.”
The same user has previously shared leaked databases from AskGamblers, an online casino, and an employee database from Simmons & Simmons, a large UK-based law firm.
While the latest list is definitely large – possibly the largest ever shared – the list it builds on, rockyou2021, already had about 8.4 million passwords, according to reporting from Cybernews.
The initial post appears to have been deleted, but the list has sparked considerable discussion on the forum it was posted to. According to one forum user who took the time to analyse the list, “it seems it is full of non-password entries”.
“Cleaned it up and posted the results here. It can be cleaned further by the way, there are a lot of other lines that are suspect to being hashes and not passwords,” the forum user said.
There’s a lot of duplicated data in the list and hashed passwords, suggesting that the list may not be as exhaustive as ObamaCare claims. Nonetheless, it’s a salient reminder to change any old passwords and make use of multifactor authentication wherever possible.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.