Technology
World's largest stolen password database uploaded to criminal forum
Change your passwords often
When you don’t have a thoughtful, strong password picked out, a clever hacker could easily compromise your privacy and security, creating devastating losses and enormously painful hassles in your life.
Security researchers have discovered what appears to be the largest password leak of all time, containing around 10 billion unique, plain text passwords. The file, titled “rockyou2024.txt,” was posted on a leading hacking forum by a hacker using the name “ObamaCare.”
The passwords didn’t leak in a single data breach; they are part of both old and new data breaches. This is bad news for everyone because hackers can use these passwords to access not only your personal data but also your financial information, especially if you use the same password for multiple services.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
People working on laptops (Kurt “CyberGuy” Knutsson)
What you need to know about RockYou2024 leak
The massive trove of passwords was discovered by researchers at Cybernews, who believe the leak poses severe dangers to users prone to reusing passwords. The report revealed that the password file, which was posted on BreachForums criminal underground forum, contained an astonishing 9,948,575,739 unique passwords, all in plain text format.
According to Cybernews, RockYou2024 isn’t an entirely new leak. It apparently comprises an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. The hackers scoured the internet for data leaks, adding another 1.5 billion passwords from 2021 through 2024, increasing the dataset by 15%.
“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers said, noting that they cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews’ Leaked Password Checker.
ObamaCare, the forum member who posted the password file, registered on the forum in May this year but has already leaked multiple other databases. For instance, they have previously shared an employee database from the law firm Simmons & Simmons, a lead from the online casino AskGamblers, and student applications for Rowan College at Burlington County.
Post announcing the leak on a hacker forum (Cybernews) (Kurt “CyberGuy” Knutsson)
ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA
How does this leak affect you?
The password leak puts you at risk of credential stuffing attacks, which can be very damaging. Credential stuffing is when someone takes passwords from one data breach and tries to use them to log into other services.
For example, a hacker might use passwords from an AT&T breach or a previous breach with 26 billion records to see if you use the same password for your bank account.
“Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset,” the researchers explained.
A woman working on her computer (Kurt “CyberGuy” Knutsson)
MASSIVE DATA BREACH EXPOSES OVER 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS
How can I check if my information was sold on the dark web?
To check if your information was sold on the dark web, you can go to haveibeenpwned.com and enter your email address into the search bar. The website will search to see what data of yours is out there and display if there were data breaches associated with your email address on various sites. You may have even received an email from the website already saying that some of your data was stolen, and you should look into this immediately if that is the case.
What do I do if my data has been stolen, and how do I protect myself?
If you think you may have been affected by the massive password leak, follow these tips to safeguard yourself.
1) Change your passwords: Never use the same password for multiple services you use. If you recall adding the same password on different apps or websites, consider changing it to something different. Consider using a password manager– to generate and store complex passwords.
2) Set up two-factor authentication (2FA): 2FA is an extra shield that prevents hackers from accessing your accounts. It requires that after entering your password, you add another piece of information. This could be a code sent to your phone via SMS, a code generated by an authenticator app, a fingerprint scan or a hardware token.
3) Remove your personal information from the internet: Although no service can promise total removal of your data from the internet, using a removal service is a smart step. These services can help you monitor and systematically erase your personal information from hundreds of websites, offering you greater privacy and peace of mind. Preventing a scammer from being able to cross-reference your data from a breach from data they may find of yours on the dark web is a smart step to prevent scammers from targeting you. Remove your personal data from the internet with my top picks here.
4) Use a VPN: Consider using a VPN to protect your online activity and data. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit. See my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.
5) Monitor your accounts: Regularly review your bank statements, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company. See my tips and best picks on how to protect yourself from identity theft.
Kurt’s key takeaway
The RockYou2024 leak is a wake-up call for everyone who uses the internet. It shows that even the data you entrust to companies might not be completely safe. While we can take steps to protect ourselves, the real responsibility lies with the apps and services we rely on. They need to step up their security game to prevent these huge data breaches from happening in the first place.
What measures do you believe companies should take to protect user data and prevent breaches like the RockYou2024 leak? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25555358/NEOM_1_scaled.jpg "Saudi Arabia proposes World Cup stadium straight out of a cyberpunk dystopia")
You’ll instantly notice the polygonal shapes making up the roof of the stadium, with the fractured pieces creating a mirror above those seated within the beehive-like setup. The Neom Stadium will be able to hold 46,000 people and “run entirely on renewable energy, generated primarily from wind and solar sources.” Construction is expected to be completed in 2032.
It looks like the stadium’s aesthetic will fit right in with The Line, the 106-mile-long linear city surrounded by reflective walls with a vertical housing system, a high-speed rail, and “100% renewable energy.” Saudi Arabia has been criticized for reportedly using lethal force to clear villages in the path of The Line, as well as concern over the amount of resources that it will need for construction.
Aside from the Neom stadium, Saudi Arabia is planning to build the three-tiered Prince Mohammed bin Salman stadium (pictured above) on the side of a cliff surrounded by colored glass and LED screens. Of course, these are still just renders for now, and the real things could end up looking entirely different.
Our iPhones have become an extension of ourselves, holding our memories, connections and sensitive information.
The sinking feeling of realizing you’ve misplaced your iPhone can be overwhelming, not just because of its hefty price tag but also because of the potential security risks if it falls into the wrong hands.
Fortunately, there are multiple ways to track down your device. We’ll guide you through several effective methods to locate your missing iPhone, ensuring peace of mind and the safe recovery of your valuable device.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
A person trying to locate an iPhone (Kurt “CyberGuy” Knutsson)
Four ways to find a lost iPhone
While you can use most Apple devices to help locate your iPhone, below includes one way to use an Apple device and three ways without an Apple device to find your iPhone.
1. Use iCloud to locate your iPhone
You can log into your iCloud account to use Find My on your web browser to locate your iPhone. Please note you would’ve already had to turn on location services and add your iPhone to Find My in order to use this feature. Below are steps on how to use iCloud to locate your iPhone:
- Type iCloud.com in the search bar of your web browser
Steps to use iCloud to locate your iPhone (Kurt “CyberGuy” Knutsson)
BEST ACCESSORIES FOR YOUR PHONE
- Input the email address used to start your iCloud account. This is usually the same email you use for your Apple ID.
=Steps to use iCloud to locate your iPhone (Kurt “CyberGuy” Knutsson)
- Input your password (unless you use a passkey)
- There may be a two-step authentication process to verify your identity. You’ll be asked to allow or disallow verification on a secondary device. If so, select Allow. Then, enter the passcode provided on this secondary device.
- Once logged into your iCloud account, scroll down to the App icons at the bottom left of the screen.
- Select the Find My icon.
Steps to use iCloud to locate your iPhone (Kurt “CyberGuy” Knutsson)
- All your Apple devices should be listed on a menu on the left side of the screen.
- Locate your iPhone and click the device icon
Steps to use iCloud to locate your iPhone (Kurt “CyberGuy” Knutsson)
- It should show you a map of approximately where your iPhone is located.
- You can click Play sound if you are close enough to listen for sounds coming from your iPhone, or you can see where it is on the map.
Steps to use iCloud to locate your iPhone (Kurt “CyberGuy” Knutsson)
HOW TO PROTECT YOUR IPHONE & IPAD FROM MALWARE
2. Use Siri to locate your iPhone
If Siri has been enabled on your iPhone and you believe the iPhone is somewhere near you, you can call out ‘Hey Siri’ loudly. It will light up and respond verbally, which will help you locate it.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
Siri on iPhone (Kurt “CyberGuy” Knutsson)
TOP IPHONE CASES OF 2024
3. Use Apple Watch to locate your iPhone
Even though it would be using another Apple device, using the Apple Watch is a convenient way to locate your iPhone. This is called the ping feature. To find your iPhone using an Apple Watch running watchOS 10 or later:
- Press the Digital Crown to return to the watch face.
- Press the side button (the oval button below the Digital Crown) once to open the Control Center.
- Tap the Find iPhone button in the Control Center. It’s represented by a rectangle with curved lines around it.
- Your iPhone will emit a pinging sound to help you locate it.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
A man using his Apple Watch to locate his iPhone (Kurt “CyberGuy” Knutsson)
BEST PORTABLE PHONE CHARGERS OF 2024
4. Use Google Maps Timeline to locate your iPhone
You can use Google Maps Timeline to view the last known locations of your iPhone if Location Services and Location History are enabled on the device. This can help you identify where your iPhone was last seen. To access this:
- Open a web browser and go to Google Maps Timeline.
- Log into the same Google account used on your iPhone.
- Check the location history to see where your iPhone was last located.
A person using Google Maps Timeline to find their iPhone (Kurt “CyberGuy” Knutsson)
HOW TO MAKE YOUR DEVICE IMPOSSIBLE TO SNOOP ON WITH A PRIVACY SCREEN
Kurt’s key takeaways
Nothing is more irritating and worrisome than misplacing your iPhone. It is worse if you lose it outside of your home or have it stolen. Even if you don’t own other Apple devices, you can use some of the different methods to locate your iPhone. While it is tempting to recover your iPhone from whoever has taken it, if your iPhone is in the hands of an unknown person, resist the urge to confront them directly and contact local law enforcement instead.
Have you ever lost or had your iPhone stolen? How did you find out where you last had it in your possession? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25546248/STK169_Mark_Zuckerburg_CVIRGINIA_B.jpg "Meta’s future is AI, AI, and more AI")
The good news for Meta is that, unlike pretty much every AI startup, it already makes a lot of money. Last quarter, the company made just over $39 billion in revenue, up 22 percent from a year ago, and about $13.5 billion in profit, up 73 percent. 3.27 billion people use at least one of Meta’s apps every day. That kind of scale and money buys the ability to make big bets, which Zuckerberg is famous for doing.
On Meta’s Wednesday earnings call, CFO Susan Li reiterated to investors that financial returns from its recent AI investments will “come in over a longer period of time.” Zuckerberg was direct about why Meta is spending billions on Nvidia hardware and the other infrastructure ahead of these future returns: “It’s hard to predict how this will trend multiple generations into the future, but at this point, I’d rather risk building capacity before it is needed rather than too late.”
He again telegraphed that the Meta AI assistant is on track to be the most used in the world before the end of the year. While he touted that generative AI features “are things that I think will increase engagement in our products,” he said the real revenue will come from business use cases, like AI creating ads from scratch and letting businesses operate their own AI agents in WhatsApp for customer service.
Some other tidbits from the earnings call:
Tom Cruise to participate in 2024 Olympic Games closing ceremony: reports
Detroit Tigers Call Up Two Intriguing Relievers
Vance plans Arizona border visit as campaign hammers Harris on failings as 'czar'
'Bricks at Embarcadero Plaza': Free events to revitalize San Francisco
First Baptist Dallas to hold first service in worship center since catastrophic fire
See it: Tesla crashes into Columbus convention center at 70 mph
Fox News Politics: Georgia the whole day through
Colorado Rockies game no. 116 thread: Zac Gallen vs José Ureña
Death of missing Oregon girl found in stream ruled homicide
At least 2 dead as tornadoes hit Alabama, damage homes across Southeast
Democrats start virtual roll call to nominate Harris to be the party's nominee against Trump
Extensive Russia-US prisoner swap under way: Sources
Trump’s comments about Harris’ race kicks off a new – yet familiar – chapter in the 2024 presidential campaign | CNN Politics
House conservative who's twice moved to impeach Vice President Harris faces competitive GOP primary
Why are fewer women winning EU leadership roles?
-
Mississippi2 days agoMSU, Mississippi Academy of Sciences host summer symposium, USDA’s Tucker honored with Presidential Award
-
News1 week agoHow the Trump Rally Gunman Had an Edge Over the Countersnipers
-
World1 week agoTyphoon Gaemi barrels towards China’s Fujian after sinking ship off Taiwan
-
Politics1 week agoTop five moments from Secret Service director's hours-long grilling after Trump assassination attempt
-
World1 week agoViolence against women, girls at ‘epidemic’ levels: UK police
-
News1 week agoGeorge Clooney Endorses Kamala Harris, Says Biden Is ‘Saving Democracy’
-
News1 week agoVideo: Secret Service Director Faces Bipartisan Calls to Resign
-
News1 week agoA coup, fake signatures and deepfakes are the latest conspiracy theories about 2024