Data Breach Threats

Everything you need to know about RockYou2024

Everything you need to know about RockYou2024
Dan Tsabari
Dan Tsabari

Threat Intelligence Analyst

RockYou2024 was published on July 4th, 2024. RockYou2024 contains nearly 10 billion passwords, harvested from a vast number of different data breaches. The results are a fifteen percent increase in data from the original RockYou2021 file. 

In 2021, a threat actor published what was then the largest compilation of leaked passwords, with over 8.4 billion plain text passwords, known as RockYou2021. This large repository of stolen credentials was a gold mine for threat actors, making it easier for them to potentially access sensitive information and take over accounts. 

What can we find about RockYou2024 on the deep and dark web?

RockYou2024 was published as a text file by a threat actor named ObamaCare, who only recently joined the well-known hacking forum LeakBase. The post went viral and was shared on other popular platforms including BreachForums, Kohlchan, and Telegram (all of which are monitored by Lunar, powered by 

The following graph, taken from Lunar, shows that no one disclosed any information about RockYou2024 until July 2024, and that the discussions about the leak hit a sharp peak and then declined. 

A timeline on Lunar showing the spike in posts related to ‘RockYou2024’

The RockYou2024 File

A new user named ObamaCare posted the file to LeakBase on July 4. The largest cache of leaked information to date, this file contains 9.9 billion passwords from users around the world. The passwords were taken from RockYou2021 plus an additional 1.5 billion new passwords from the past three years.

Even though the original thread was mysteriously removed from LeakBase  we can still find it using our dark web monitoring tool, Lunar, which indexes and archives content from the deep and dark web. 

Screenshot from Lunar showing the original post shared on Leakbase

We could find theRockYou2024 file shared on various forums across the dark web  and users thanked ObamaCare for the information. 

Screenshot from Lunar showing ‘Rockyou2024’ shared on BreachForums

Discussions about the RockYou2024 data leak

Some users claimed this leak could be “a huge upper hand” for threat actors, such as the user in the next image, taken from an alternative social media platform.

Screenshot from Lunar showing ‘Rockyou2024’ discussed on alternative social media

What kind of threats does RockYou2024 pose? 

Threat actors can use passwords in this massive compilation of 9.9 billion passwords to conduct various types of attacks, but the primary threat is brute-force attacks. Brute force attacks require password databases to gain unauthorized access to various online accounts of both individuals and corporations. They could run a script that automatically checks these passwords against existing login credentials to break into the account. 

The big picture 

Zooming out, we see that leaking passwords is the first step in MITRE’s ATT&CK Vector for Enterprise. Reconnaissance, or information gathering, involves collecting personal data about the person or group they target. Once a threat actor has the necessary information (email addresses, end platforms, and phone numbers) they can perform Account Takeover (ATO) and identity theft.

How to keep track of future credential leaks? 

As data breaches and leaks continue to rise, both in scope and in frequency, it has become essential to track whether the credentials of your employees or clients have been compromised. 

Stay informed on the dark web chatter 

As the landscape of online security evolves, so does the cyber security professional’s job. For this reason, it’s critical to keep track of your organization’s important information with comprehensive dark web monitoring tools, such as Lunar, by Filter through the noise by easily accessing the data you need from dark web marketplaces or alternative social media to proactively monitor threats to your organization. 

Spread the News

Not subscribed to our Dark Web Pulse updates?

By submitting you agree to's Privacy Policy and further marketing communications.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need


Don't be the last one to know!

Chances are your compromised data is already traded on the dark web.
Ready to discover them and protect your business?

Subscribe to our newsletter for more news and updates!

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about’s solutions
Create your API account and get instant access to millions of web sources