Hacker Leaks Collection of 10 Billion Passwords From Users Worldwide - 1

Hacker Leaks Collection of 10 Billion Passwords From Users Worldwide

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A hacker under the user name ObamaCare posted on an underground hacker forum a compilation of 9,948,575,739 passwords in plaintext through a file titled “rockyou2024.txt” on July 4th.

The leak has been discovered by researchers at Cybernews , who consider this to be the largest password compilation leak in history. Cybernews researchers used their site’s Leaked Password Checker and confirmed that the document contains login details from users from all over the world collected from old and recent data breaches.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” said researchers from Cybernews. “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.”

It’s not the first time this hacker has revealed databases. According to the researchers, even though the account ObamaCare was created in May this year, the user had already shared sensitive information from Simmons & Simmons, AskGamblers, and Rowan College at Burlington County.

A similar collection was leaked three years ago, the RockYou2021 collection contained 8.4 billion passwords. The new database, RockYou2024, includes the previous leak data plus 1.5 billion passwords collected from the past three years. Hackers have been piling up information for years—another RockYou leak was reported in 2009— for these leaks.

Another massive data breach—from different hackers— including Snowflake’s clients like Santander and Ticketmaster was reported just a few weeks ago. However, these recent events should not be feared.

According to security experts interviewed by Forbes , even though RockYou2024 seems massive and is an unfortunate situation, users shouldn’t panic. Experts recommend people to update passwords, add a two-step verification system—multi-factor authentication is crucial to maintain personal and organizational safety—, and use password managers.

Detroit Police Reforms AI Facial Recognition Use Following Lawsuit - 2

By freepik

Detroit Police Reforms AI Facial Recognition Use Following Lawsuit

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a landmark settlement this week, Robert Williams, reached an agreement with the City of Detroit. This comes after his wrongful arrest in 2020 based on faulty facial recognition technology. The incident highlighted concerns about the technology’s accuracy and potential for racial bias.

On January 9, 2020, Detroit police officers arrested Williams on his front lawn, in front of his wife and two young daughters. “They refused to tell me why, and I had to spend the night sleeping on a cold concrete bench in an overcrowded, filthy jail cell before finally finding out that I was being falsely accused of stealing designer watches from a Detroit boutique,” Williams told TIME .

During interrogation, it was revealed they relied solely on facial recognition software that incorrectly identified Williams from blurry security footage. Williams spent 30 hours in jail before the charges were dropped.

“The system somehow returned my expired driver’s license photo as an ‘investigative lead’ that might match the thief,” Williams explained. “Rather than investigate the accuracy of this purported match, police accepted the ‘lead.’”

While the settlement doesn’t ban facial recognition entirely, it imposes stricter controls on the Detroit Police Department’s (DPD) use of the technology. Crucially, photo lineups can no longer be based solely on facial recognition matches. Police must now uncover independent evidence before conducting a lineup after using the technology.

The incident highlighted broader issues with facial recognition technology. Past studies have shown that law enforcement agencies using automated facial recognition disproportionately arrest Black people. Factors contributing to this include the lack of Black faces in the algorithms’ training data sets, a belief in the infallibility of these programs, and officers’ own biases magnifying these issues.

Capitol Technology University highlights the systemic biases inherent in historical data used to train algorithms, stating , “If the historical data used to train algorithms and develop technologies reflects systemic biases, they are likely to perpetuate those same historically unequal opportunities and exacerbate inequalities.” Alarmingly, facial recognition systems have been shown to misidentify people of color up to 100 times more frequently than White Americans.

In a statement Williams emphasizes the human cost of misused technology: “I never thought I’d have to explain to my daughters why daddy got arrested,” Williams stated in a Washington Post interview. “How does one explain to two little girls that a computer got it wrong, but the police listened to it anyway?”

The settlement in Williams’ case represents a step towards preventing future wrongful arrests, but the fight against potential racial bias in facial recognition software continues.