According to Cybernews, what appears to be the world's largest password collection, called RockYou2021, has been leaked on a famous hacker site. A forum user uploaded a 100GB TXT file containing 8.4 billion password entries.
All of the passwords in the leak, according to the author, are 6-20 characters long, with non-ASCII characters and white spaces eliminated. According to the same individual, the collection has 82 billion passwords. However, Cybernews discovered that the actual figure was roughly ten times lower, at 8,459,060,239 entries, after conducting its own testing.
The forum member has named the compilation "RockYou2021," probably in allusion to the historic RockYou data breach that occurred in 2009, when threat actors hacked into the social app website's servers and obtained over 32 million user passwords stored in plain text.
This leak is comparable to the Compilation of Many Breaches (COMB), the greatest data breach compilation ever, and the collection exceeds its 12-year-old namesake by more than 262 times. The RockYou2021 compilation, which the individual behind it has accumulated over several years, contains COMB's 3.2 billion hacked credentials as well as credentials from numerous other hacked databases. Given that only roughly 4.7 billion people are online, the RockYou2021 compilation might theoretically contain the passwords of the entire global online population almost two times over.
“By combining 8.4 billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts,” Cybernews notes.
“Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions.”
If you feel one or more of your passwords may have been exposed as a result of the RockYou2021 incident, you should change your passwords for all of your online accounts right away. A password manager, according to Cybernews, can help you build strong, complex passwords that aren't easy to remember. You may also set up two-factor authentication (2FA) across all of your accounts. Finally, as always, carefully check all unsolicited spam emails, phone calls, and text messages for signs of phishing.