Security leaks happen daily, with hackers evolving their methods and proving more creative with every emerging attack, especially toward business owners with a lot of sensitive data. But on July 4, the cybersecurity community noticed a massive leak of passwords rivaling any that’s come before.
The RockYou Sequel No One Wanted To See
You might remember the RockYou data breach if you’ve been in business since 2009. It exploited insecure storage practices, leaving 32 million user access credentials on several platforms for any online attacker to read in plaintext. With it, attackers stole personal data and identities.
Sadly, the original RockYou leak was no match for the RockYou 2024 version that surfaced in early July. It put its predecessor to shame, with 9,948,575,739 passwords posted to a notorious hacking forum in a file named rockyou2024.txt. But while the news shocked all and struck fear in the hearts of business owners, most of the passwords involved were compromised long before they ended up in this database.
After cross-referencing with the Leaked Password Checker, experts found that over eight billion of the passwords came from old breaches that originated from over 4,000 databases. While some date back over 20 years, only 1.5 billion have been leaked since 2021.
What Your Business Can Do To Stay Safe From Future Breaches
If you are a business owner affected by this news, it’s too late to secure your old, compromised passwords. Still, you can do plenty to keep from becoming a statistic if a third RockYou emerges in the future (or any other breach, for that matter). And robust encryption is half the battle.
With RockYou 2024, despite all the users having unique account login credentials, the passphrases were saved in readable plaintext. If your business encrypts stored information, a leak is far less of a worry: even if the hackers obtain the data, they can’t read or share it without the key.
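One way to avoid plaintext password storage, shown as an added example that is not code from the original article: it swaps reversible encryption for salted one-way hashing with scrypt, so there is no key to steal, and it refuses passwords already on a breach list. The `BREACHED` set, the cost parameters, the record format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a tiny stand-in for a breach list such as rockyou2024.txt.
BREACHED = {"123456", "password", "iloveyou", "rockyou"}

# scrypt cost parameters (assumed values; raise them as your hardware allows).
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # memory ceiling handed to OpenSSL


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, memory-hard, one-way derivation of the stored digest."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=N, r=R, p=P, maxmem=MAXMEM, dklen=DKLEN)


def is_breached(password: str) -> bool:
    """True if the password is already known to attackers."""
    return password in BREACHED


def make_record(password: str) -> str:
    """Return the string to store in the database instead of the password."""
    if is_breached(password):
        raise ValueError("password appears in a known breach list")
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    return f"scrypt${salt.hex()}${_derive(password, salt).hex()}"


def verify(password: str, record: str) -> bool:
    """Check a login attempt against the stored record."""
    scheme, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = _derive(password, bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = make_record("tangerine-Lantern-42-quartz")  # constructed sample
    print(record)                                          # what a leak would expose
    print(verify("tangerine-Lantern-42-quartz", record))
    print(verify("password", record))
```

A database leak then exposes only salts and digests, and each guess costs an attacker a full scrypt computation per user.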
How To Encourage Your Users To Have Better Password Habits
Your online users can also protect themselves, starting with password changes. But you have to warn them about the attack. If they continue to use compromised credentials, their entire account and all the information they update will become compromised.
Between encrypting your files and your users changing their login credentials, you can guarantee much more protection. However, suppose your customers use the same credentials for other accounts on different platforms. In that case, hackers can find them elsewhere and use them on your platform. So, encourage your users to rely on password managers to create and store unique passwords for each site they use to avoid a domino effect.
They can also use multi-factor authentication (MFA), where they incorporate security or login keys, access tokens, or unique security phrases. MFA adds a second layer of protection to your users’ accounts.
Using strong passwords and authentication codes properly protects you and your customers. So, stay on top of recent developments in the digital world, and stay safe!