RockYou2021
A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches, tech news site CyberNews said on Monday.
From what I can tell, the passwords in the collection range from 6 to 20 characters in length, with non-ASCII characters and white spaces removed. The user who leaked the information claimed there were 82 billion passwords, but this has since been refuted by CyberNews, which puts the figure closer to 8.4 billion.
The compilation itself has been dubbed ‘RockYou2021’ by the forum user, presumably in reference to the rockyou2021.txt filename containing all the passwords and to the infamous RockYou data breach that occurred in 2009, when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text.
This collection of passwords exceeds its 12-year-old namesake by more than 262 times! This is comparable to the COMB (Compilation of Many Breaches) – the largest ever.
Considering there are an average of 4.7 billion people online, RockYou2021 potentially includes passwords from the global population, almost two times over. That's nuts!
By combining 8.4 billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts.
Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions.
- Use a reputable data leak checker where you can enter your email address to find out if your account may have been caught in a breach. Sites worth trying include Have I Been Pwned, Firefox Monitor, and Avast Hack Check.
- If you know or even suspect that one of your accounts was caught in a data breach, change your password immediately.
- Consider using a password manager to create, store and apply strong and secure passwords for your online accounts.
- Enable multifactor authentication on any accounts where this method is offered.
- Look out for an increase in spam and phishing emails through which attackers try to use your leaked email address to scam you.
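Anyone who runs a login system can apply the same idea on the server side by rejecting new passwords that already appear in a breach wordlist. The Python sketch below is an added example, not code from CyberNews or from the original post; the sample wordlist, the function names and the hashed-prefix index are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample lines standing in for a breach wordlist file (not real leak data).
SAMPLE_WORDLIST = ["123456\n", "password1\n", "iloveyou\n", "qwerty123\n", "letmein2021\n"]

def in_list_shape(pw):
    """Shape the post describes for the list: 6-20 characters, ASCII only, no whitespace."""
    return 6 <= len(pw) <= 20 and pw.isascii() and not any(c.isspace() for c in pw)

def sha1_hex(pw):
    # SHA-1 is only a lookup key for an already public wordlist here,
    # not a way to store user passwords.
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()

def build_index(lines):
    """Bucket SHA-1 digests by their first 5 hex characters so the
    screening service never has to keep the plaintext list around."""
    index = defaultdict(set)
    for line in lines:
        word = line.rstrip("\r\n")
        if in_list_shape(word):
            digest = sha1_hex(word)
            index[digest[:5]].add(digest[5:])
    return index

def screen_password(candidate, index):
    """Classify a password chosen at signup or password change."""
    if not in_list_shape(candidate):
        # Cannot appear verbatim in a list filtered this way;
        # the site's other password policy checks still apply.
        return "outside_list_shape"
    digest = sha1_hex(candidate)
    if digest[5:] in index.get(digest[:5], ()):
        return "breached"
    return "not_listed"

if __name__ == "__main__":
    idx = build_index(SAMPLE_WORDLIST)
    for pw in ["iloveyou", "6plv2^s:WD_N", "pässword1"]:
        print(repr(pw), "->", screen_password(pw, idx))
```

A result of `not_listed` only means the password is absent from the list that was indexed, so it complements rather than replaces multifactor authentication and unique per-site passwords.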
Because COMB is a quick, searchable, well-organized database of past major leaks, it naturally contains past leaks. This includes major leaks from popular services such as Netflix, Gmail, Hotmail, Yahoo and more.
Based on our analysis of the breached data, there are approximately 200 million Gmail addresses and 450 million Yahoo email addresses in the COMB data leak.
In 2015, The Independent reported on an apparent “Netflix hack” where cybercriminals were able to log into Netflix users’ accounts worldwide. However, Netflix has never admitted to being hacked, and this is more likely a casualty of the fact that users often use the same passwords for different accounts.
It's not too late to improve your security!
One of the newest features in browsers today is the ability to recommend strong passwords. Coupled with the ability to store those strong passwords in the browser, this makes for an excellent strategy. Each site will have its own unique strong password – 6plv2^s:WD_N – and you can review it anytime under your browser's settings!
How to generate a secure password in Firefox
How to generate a secure password in Chrome
How to generate a secure password in Edge