32 Percent Of Leaked Passwords Are Not Strong Enough – Kaspersky Labs





In 2021, the RockYou2021 password leak occurred, in which 8 billion passwords from various platforms were compromised, which was the largest security issue to date. In July 2024, the leak was updated as RockYou2024 by a new hacker named ObamaCare.


Through this latest leak, as many as 10 billion passwords have been shared, and the hacker confirmed that the new collection builds on the previous RockYou2021 leak database. This means that from 2021 until July of this year, as many as 1.5 billion new passwords have been added to this database.


Kaspersky Labs announced that it tested this database and found that 32 percent of the passwords tested used phrases that were not strong enough to serve as passwords in the modern digital world.


Most passwords today are stored as hashes produced with MD5 or SHA (Secure Hash Algorithm). This is fine, but it doesn't help when the phrase used is easy to recover from its hash.


This is because, with brute-force algorithms and modern GPUs, simple passwords can be cracked on modern computers in 60 minutes on average. The simpler the phrase used, the faster the password can be cracked.


What is even more surprising is that Kaspersky built an AI bot using a language model based on this RockYou2024 database, and found that the bot can guess 78 percent of these passwords three times faster than brute force.


The advice of Kaspersky Labs and various other security parties is to use a password manager to create passwords from random letters and symbols rather than phrases that are easy to remember.
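
The link described above between phrase simplicity and brute-force time, and the random-password advice, as an added example (not code from Kaspersky or the original article). The guess rate is an assumed illustrative figure, the function names are hypothetical, and the sample passwords are constructed.

```python
import math
import secrets
import string

# Assumed guess rate against a fast unsalted hash (illustrative assumption,
# not a figure from the article).
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the smallest union of character classes covering the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes are counted individually.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)

def brute_force_bits(password):
    """Upper bound on the blind brute-force search space, in bits."""
    return len(password) * math.log2(alphabet_size(password)) if password else 0.0

def average_seconds(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Expected time to find the password after searching half the space."""
    return (2 ** bits) / 2 / rate

def generate_password(length=20):
    """Uniformly random password, retried until every class is present."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in c for ch in pw) for c in CLASSES):
            return pw

def report(password):
    """Summarise length, search-space bits and average exhaustion time."""
    bits = brute_force_bits(password)
    return f"{len(password)} chars, {bits:.1f} bits, ~{average_seconds(bits):.3g} s average"

if __name__ == "__main__":
    # Constructed samples: two simple phrases and one generated password.
    for sample in ("sunshine", "Sunshine1", generate_password()):
        print(report(sample))
```

The bit count is an upper bound for blind brute force only; dictionary and model-based guessing, as in the Kaspersky test, finds common phrases far sooner than this estimate suggests.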
