Red Hot Cyber


The New RockYou2024 Collection has been published! 10 Billion Credentials Compromised

Alessio Stefan : 6 July 2024 15:40

Everyone involved with CTFs has used the infamous rockyou.txt wordlist at least once, mainly for password cracking. The file is a list of 14 million unique passwords originating from the 2009 RockYou breach, a piece of computer security history. The "rockyou lineage" has evolved over the years.

Attackers used the original RockYou file as a starting point and kept adding passwords from various data breaches. This culminated in RockYou2021, a list containing a staggering 8.4 billion records. These huge wordlists are used for credential stuffing and other brute-force attacks, putting untrained users at risk of unauthorized access, as Levi Strauss experienced this year. However, reality is a little different.

RockYou2024

The 2021 version already reached high numbers, but the newest release is the (apparently) ultimate amalgamation. RockYou2024 has been released by the user "ObamaCare".


This new version adds 1.5 billion records to the 2021 version, reaching 10 billion records. A wordlist can potentially be used for a multitude of tasks, and having this number of records in a single file, especially in 2024 with increasingly aggressive data breaches, is a dream come true for attackers. The user has not specified the nature of the additional records but points out that the new data comes from recently leaked databases.

Conclusions – not all that glitters is gold

This might seem like a valuable resource for attackers, but we need to analyze the contents to determine its true worth.

  1. Garbage Data = The unzipped file is 146GB, but some analysis reveals a lot of discrepancies. First, the majority of the 32-character strings are raw hashes (which breaks ObamaCare's promise) and account for roughly 15GB; the same holds for the 60-character strings, which take up as many GB. Moreover, the file starts with a long run of 0x00 bytes for no apparent reason, and company names and random strings are also part of the file. ObamaCare probably wanted to reach 10 billion records at all costs, for fame or attention, without caring about the quality of the additional data.
  2. Real Threat and Risks = Even with 2 billion records added to the 2021 version, the risk and threat remain the same as three years ago. The size of this file shouldn't scare you as much as you might think. In real-world attacks, attackers often prefer to buy targeted credentials from underground marketplaces (credential brokers) rather than resorting to brute-force attacks with massive wordlists. Skilled attackers prefer a more precise approach: they craft custom wordlists tailored to their targets. Dictionaries, word rules, and tools like Kewl, Crunch, Awk, and Sed become their weapons of choice, allowing them to act intelligently rather than relying on bulky wordlists.
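The triage described in point 1 (measuring how much of the file is raw hashes, NUL bytes and other non-password noise rather than usable passwords) can be scripted so that the same check can be run against any wordlist before it is trusted. The following Python is an added example, not code from the article or from Dark Lab: the sample lines are constructed, the 60-character strings are assumed to be bcrypt-shaped (the article only gives the length, and bcrypt's modular-crypt format is 60 characters), and the category names and thresholds are choices made here.

```python
import io
import re
from collections import Counter

# Length-based signatures the article mentions: 32 hex chars (MD5-length raw hash)
# and 60-character strings. Treating the latter as bcrypt-shaped is an assumption.
HEX32 = re.compile(rb"^[0-9a-fA-F]{32}$")
BCRYPT60 = re.compile(rb"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")

# Constructed sample resembling the mix described in the article: real-looking
# passwords, MD5-length hashes, a bcrypt-shaped string, NUL bytes, company-name noise.
BCRYPT_LIKE = b"$2b$12$" + b"a" * 22 + b"B" * 31  # 7 + 53 = 60 characters
SAMPLE_WORDLIST = (
    b"\x00\x00\x00\x00\n"
    b"password123\n"
    b"5f4dcc3b5aa765d61d8327deb882cf99\n"
    + BCRYPT_LIKE + b"\n"
    + b"letmein\n"
    b"Acme Corporation Ltd\n"
    b"e99a18c428cb38d5f260853678922e03\n"
    b"qwerty\n"
)


def classify(line: bytes) -> str:
    """Assign one wordlist line to a coarse category used for the garbage estimate."""
    if b"\x00" in line:
        return "nul_bytes"          # padding / corruption, never a real password
    if HEX32.match(line):
        return "hex32_hash"         # raw hash, not a plaintext credential
    if len(line) == 60 and BCRYPT60.match(line):
        return "bcrypt60_hash"      # assumed bcrypt-shaped 60-char string
    if b" " in line:
        return "whitespace_noise"   # multi-word entries such as company names
    return "plausible_password"


def triage_stream(fileobj) -> dict:
    """Stream a binary wordlist line by line, counting lines and bytes per category.

    Works on files far larger than memory (the article's file is 146GB) because
    only one line is held at a time. Byte totals include the line's newline so
    they add up to the file size.
    """
    lines = Counter()
    size = Counter()
    for raw in fileobj:
        line = raw.rstrip(b"\r\n")
        if line == b"":
            continue
        category = classify(line)
        lines[category] += 1
        size[category] += len(raw)
    return {"lines": dict(lines), "bytes": dict(size)}


def triage_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used with the constructed sample)."""
    return triage_stream(io.BytesIO(data))


def garbage_fraction(report: dict) -> float:
    """Share of the file's bytes that are not plausible plaintext passwords."""
    total = sum(report["bytes"].values())
    if total == 0:
        return 0.0
    usable = report["bytes"].get("plausible_password", 0)
    return (total - usable) / total


if __name__ == "__main__":
    # For a real file: with open("rockyou2024.txt", "rb") as f: report = triage_stream(f)
    report = triage_bytes(SAMPLE_WORDLIST)
    for category, count in sorted(report["lines"].items()):
        print(f"{category:20s} lines={count:4d} bytes={report['bytes'][category]}")
    print(f"garbage fraction by bytes: {garbage_fraction(report):.2%}")
```

On the constructed sample, 85% of the bytes fall outside the plausible-password category, which is the same kind of figure the article derives by hand for the 32- and 60-character strings. The heuristics are deliberately conservative: a 32-hex-character line could in principle be someone's password, so a report like this supports a judgement about the list's quality rather than replacing it.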

While a massive wordlist like RockYou2024 can generate noise and attract attention, the underlying risk remains not that significant. Skilled attackers use targeted methods, and brute-forcing with unrefined data is inefficient for them. With the release of RockYou2024 there is no additional security meltdown nor huge security risk, contrary to what has been described in recent hours.

Alessio Stefan
Member of the Dark Lab group. Love the red color.
