PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Check Your Accounts: 10 Billion Passwords Exposed in Largest Leak Ever

The 'RockYou2024' database includes almost 10 billion passwords pulled from 'a mix of old and new data breaches.' Here's how to check if yours are at risk.

Emily Price
 & Emily Price Weekend Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Shutterstock / Song_about_summer)

UPDATE 7/16: No need to panic: The RockYou2024 database is mostly full of junk that's of little use to hackers, according to researchers (though it's always good to make sure you're not re-using passwords across multiple services).

Original Story:
Are you reusing your passwords across multiple sites? It's time to reconsider.

Researchers at Cybernews have uncovered a massive trove of nearly 10 billion passwords on a popular hacking forum in what they're calling "largest password compilation" ever.

The file, titled rockyou2024.txt, was posted on July 4 by someone going by the name ObamaCare and contains a mind-boggling 9,948,575,739 unique plaintext passwords. The user only joined the forum in late May, but they've posted data from other breaches, too.

Recommended by Our Editors

This Week in Hacks: ShinyHunters Hit 7-Eleven, Trump Mobile Exposes Data, and Scammers Target World Cup Fans
This Week in Hacks: ShinyHunters Hit 7-Eleven, Trump Mobile Exposes Data, and Scammers Target World Cup Fans
Kash Patel's Apparel Site Is Trying To Trick Visitors Into Installing Malware
Kash Patel's Apparel Site Is Trying To Trick Visitors Into Installing Malware
Time to Switch: How to Set Up Passkeys Before Microsoft Ditches SMS 2FA Logins
Time to Switch: How to Set Up Passkeys Before Microsoft Ditches SMS 2FA Logins

According to Cybernews, this RockYou2024 file is "a mix of old and new data breaches." So it's not necessarily a new breach that ensnared 10 billion passwords. But compiling all these passwords into one massive, searchable database "substantially heightens the risk of credential stuffing attacks," Cybernews says.

Credential stuffing is when someone takes passwords obtained from one data breach and uses them to try to log into unrelated services. For instance, someone might use a password obtained from the AT&T breach to see if you use the same password for your bank account.

This isn’t the first RockYou password drop, but it is the largest. In 2021, RockYou2021 included 8.4 billion plain text passwords. Cybernews suspects the current file version contains a compilation of passwords obtained over the past 20 years, including those original 8.4 billion, so there’s a good chance at least one of your passwords is in it.

Cybernews has a Leaked Password Checker where you can plug in codes to see if they've been exposed. If you spot one, or just think one of yours may be weak, change it immediately to a strong password. Then, double-check your other accounts to make sure you're not reusing any passwords across services, and enable multi-factor authentication if it's offered. A password manager can help you keep things organized.

About Our Expert

Emily Price

Emily Price

Weekend Reporter

Emily is a freelance writer based in Durham, NC. Her work has appeared in The Wall Street Journal, The New York Times, Lifehacker, Popular Mechanics, Macworld, Engadget, Computerworld, and more. You can also snag a copy of her book Productivity Hacks: 500+ Easy Ways to Accomplish More at Work--That Actually Work! online through Simon & Schuster or wherever books are sold.

Read the latest from Emily Price

Read full bio