The leak of over 10 billion passwords, exposed on dark web forums in late June, has triggered a global warning about cybersecurity risks and the urgent need for compliance with the General Data Protection Law (LGPD). Dubbed "RockYou2024.txt," the file, released by a hacker known as "ObamaCare," aggregates data from platforms such as Apple, Google, and Facebook, including previously unseen combinations of emails and passwords.
The incident is considered one of the largest in history in terms of volume and scope. This episode demands an immediate response from companies and information technology professionals, especially given the legal requirements that have been in effect since 2020. According to Edgard Dolata, a lawyer specializing in the LGPD and partner at Legal Comply and Dopp Dolata Advogados, this case highlights the vulnerability of digital infrastructures. "The fragility of digital security systems exposes not only consumers but also the reputation and legal liability of companies. Having a privacy policy on the website is not enough. It is necessary to demonstrate active governance in protecting this data," states Dolata.
The expert emphasizes that many organizations still treat the issue as a bureaucratic matter and neglect the establishment of efficient internal processes. He notes that the large-scale exposure of credentials increases the risks of social engineering, phishing scams, corporate breaches, and sanctions from the National Data Protection Authority (ANPD). "Data protection must cease to be a reactive measure. The LGPD requires registration, traceability, and rapid response in the event of incidents. This applies to both large platforms and small businesses, which often operate with vulnerable structures," he says.
In July, a period that typically sees an increase in remote access due to school holidays and hybrid work, the incidence of silent attacks also rises. Dolata advises companies to adopt measures such as multi-factor authentication, regular backups, and continuous access reviews. "The winter break not only reduces digital vigilance but often paralyzes incident response teams. This creates an ideal scenario for cyber attacks. Security planning must account for this seasonal behavior," he warns.
According to the lawyer, the recurrence of mega leaks and the absence of exemplary punishments continue to foster digital impunity. "As long as Brazil lacks a strong culture of accountability and prevention, we will continue to respond too late. Compliance with the LGPD is not just about legal protection; it is an operational necessity," he concludes.
Companies wishing to assess their exposure or initiate a compliance plan can seek specialized legal diagnostics and risk analysis tools on platforms such as Legal Comply, which monitors vulnerabilities and guides response plans based on the LGPD.