Ten billion passwords were leaked. How you can reduce the risks and protect yourself

15 July 2024

Nearly 10 billion unique passwords were leaked on a widely known cyber forum. This record-breaking password leak draws on decades of data breaches and has the potential to be exploited in future attacks.

The database, named 'rockyou2024.txt', is said to contain nearly 10 billion unique passwords, which were collected from thousands of data leaks. This massive collection surpasses the previous record set by RockYou2021, with an additional 1.5 billion newly leaked passwords.

In response, Kaspersky experts issued practical guidance to help users protect themselves in the wake of the widespread data breach:

Control the impact of the breach

When a data breach occurs, the first thing a user is advised to do is to check if their data has been affected. Modern security solutions enable the identification of leaked data and provide alerts to enhance security measures if necessary. In addition to internal services, there are some public sources that could help identify whether or not personal data has been leaked.

Change passwords as soon as possible

In the event of a data breach, it is important to immediately change your passwords and examine all other websites where the same password is used. New passwords should be unique for each account, be at least 8 characters long, and combine letters with numbers and symbols. To check whether a combination is strong enough, you can use a password checker.
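The three checks in this advice (leaked, reused, too weak) can be run together over a set of your own passwords. The sketch below is an added example, not a Kaspersky tool; the wordlist contents, account names, and passwords are constructed samples, and the function names are hypothetical.

```python
import io

# Constructed sample standing in for a leaked wordlist such as rockyou2024.txt.
SAMPLE_LEAK = "123456\npassword\nqwerty123\nP@ssw0rd!\niloveyou\n"

# Constructed accounts and passwords for the demonstration.
SAMPLE_ACCOUNTS = {
    "mail": "P@ssw0rd!",
    "shop": "P@ssw0rd!",
    "bank": "t7#Lq9!vRz2m",
    "forum": "iloveyou",
}

def meets_article_rules(pw):
    """At least 8 characters, combining letters with numbers and symbols."""
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() and not c.isspace() for c in pw)
    return len(pw) >= 8 and has_letter and has_digit and has_symbol

def find_leaked(passwords, wordlist):
    """Stream the wordlist line by line so a file of any size can be scanned."""
    wanted = set(passwords)
    return {w for w in (line.rstrip("\r\n") for line in wordlist) if w in wanted}

def audit(accounts, wordlist):
    """Map each account to its findings: leaked, reused, weak."""
    leaked = find_leaked(accounts.values(), wordlist)
    owners = {}
    for name, pw in accounts.items():
        owners.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        findings = []
        if pw in leaked:
            findings.append("leaked")
        if len(owners[pw]) > 1:
            findings.append("reused")
        if not meets_article_rules(pw):
            findings.append("weak")
        report[name] = findings
    return report

if __name__ == "__main__":
    # For a wordlist on disk, pass open(path, encoding="utf-8", errors="replace").
    for account, findings in audit(SAMPLE_ACCOUNTS, io.StringIO(SAMPLE_LEAK)).items():
        print(account, findings or ["ok"])
```

In the sample, "P@ssw0rd!" satisfies the length and character rules yet is still flagged as leaked and reused, which is why the leak check and the uniqueness check matter alongside the complexity rules.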

Block and reissue your bank card, if necessary

If payment data was stored by a service that suffered a data breach, it's best to block and reissue a card for greater security. Usually reissuing a bank card doesn't take much time and effort, so it can save you from a bigger hassle.

Install a reliable password manager

Such a tool creates strong passwords and stores them securely in an encrypted vault. Besides, it has the ability to monitor data leaks and check if the user's passwords have been compromised.

Don't skip two-factor authentication (2FA)

Recent research by Kaspersky has revealed how easily accounts without 2FA and strong passwords can be compromised. To protect an account from unauthorized access, it is highly recommended to set up 2FA. This can be accomplished by receiving a confirmation SMS or email, or by using an authentication app or password manager that generates one-time passwords.

Securely close accounts that are not being used

If you do not intend to continue using a service after a data leak, it is advisable to delete the account and request complete removal of all data collected by contacting technical support or the address listed in the Privacy Policy. This step, often described in the "Your rights" section of the Legal Services, may also reveal the extent of the data exposure.

Share only the strictly necessary personal information online

As mass service leaks are not uncommon, it is recommended that information submitted to a service be kept to a minimum. When registering, the use of a primary email address is unnecessary: auto-replacement can be used instead. In addition, if not required, omit the real name and home address.
