A staggering 16 billion user credentials have been exposed in what cybersecurity analysts are calling the largest password leak in internet history, raising concerns for billions of users across platforms including Apple, Google, Facebook (Meta), Microsoft, and X (formerly Twitter).
The breach—being referred to as “RockYou2024” by security researchers—appears to be an evolution of the infamous RockYou2021 compilation. According to data from Cybernews, Hudson Rock, and independent verification by Kaspersky Lab, the newly surfaced database includes a mixture of legacy breaches and fresh leaks, compiled into a single, massive dataset now circulating across dark web forums and encrypted messaging channels like Telegram.
Contents of the Breach
The leaked database reportedly contains:
- 16 billion plaintext and hashed passwords
- Usernames and email addresses
- In some cases, IP logs and device identifiers
Cybernews, which examined a sample of the data, called it a “Credential Stuffing Goldmine”, warning that attackers could use it to automate login attempts across major platforms.
“What makes RockYou2024 so dangerous is its size and freshness. This isn’t just recycled data—it includes information likely gathered from recent vulnerabilities and ongoing data scraping operations,” said Alon Gal, co-founder of Hudson Rock.
Companies Respond
While there is no indication that the core systems of Apple, Google, Facebook, or Microsoft were directly breached, the scale of leaked credentials implies that millions of user accounts tied to these services could now be vulnerable to unauthorized access.
- Apple released a statement urging users to change passwords and enable two-factor authentication (2FA).
- Google said it is scanning user accounts for suspicious logins and has temporarily increased verification checks.
- Meta (Facebook, Instagram, WhatsApp) and Microsoft are monitoring for account takeover activity.
“We take these incidents seriously and advise users to follow security best practices immediately,” a Meta spokesperson told The Verge.
Origin and Distribution
Cybersecurity firm SOCRadar reports that the breach was first seen on criminal Telegram channels and has since spread to popular hacking forums on the dark web.
The “RockYou2024” file—named after the 2009 RockYou breach and its 2021 sequel—contains previously unseen credentials, suggesting that data from new attacks in 2023 and 2024 may have been added.
User Safety and Recommendations
Security experts are urging all internet users to take immediate action:
What You Can Do Now:
- Change passwords on major accounts (email, banking, social media).
- Activate 2FA where available, preferably via authenticator apps.
- Use password managers.
- Check exposure via HaveIBeenPwned.com.
Potential Impact
This leak presents a serious threat to both individuals and organizations. Credential-stuffing attacks—where hackers use leaked credentials to access accounts on unrelated platforms—are expected to surge.
“RockYou2024 is the equivalent of giving a skeleton key to bad actors across the internet,” said cybersecurity analyst Lila Barrett of Arctic Wolf. “It amplifies every weak password and duplicated login.”
Industry insiders also warn of cascading effects, including:
- Identity theft
- Business email compromise (BEC) attacks
- Access to sensitive cloud services and corporate data
Ongoing Investigation
Law enforcement agencies including Europol and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are reportedly working to trace the origins and distribution channels of the data dump.
Cybernews and other researchers continue to monitor where and how the database is being used.
SOURCES:
- Cybernews: “RockYou2024: 10 Billion Passwords Leaked in Largest Compilation Ever”
- Hudson Rock via Twitter/X: @AlonGal
- Kaspersky Lab Blog: [Threat Intelligence Update – June 2025]
- HaveIBeenPwned: https://haveibeenpwned.com
- The Verge: Tech company responses to breach (Meta, Google)
- SOCRadar Intelligence Feed: RockYou2024 breach trace
- CERT-EU and CISA bulletins (June 2025)
This is a developing story. Further updates will be provided as more information becomes available.
Note: This article is part of our ongoing cybersecurity coverage and reflects the latest verified information at the time of publication. We will continue to update this story as more details emerge. Readers are advised to remain cautious and take proactive security measures.


