The largest password collection of all time has been leaked on a popular hacker forum after a user posted a 100GB text file containing 8.4bn passwords that were likely combined from previous data leaks and breaches.
According to the author of the post, all of the passwords included in the leak are between 6-20 characters long and all non-ASCII characters and white spaces were removed.
While the author also claims that the text file they posted contains 82bn passwords, based on tests carried out by CyberNews, the actual number of passwords is almost ten times lower at 8,459,060,239 unique entries.
- We've built a list of the best password managers available
- These are the best identity management software solutions
- Also check out our roundup of the best security keys
The forum user who posted the collection of passwords has dubbed the compilation 'RockYou2021' which is likely a reference to the RockYou data breach that occurred in 2009. At the time, cybercriminals hacked their way into the servers of the company that made widgets for users' MySpace pages and were able to obtain more than 32m passwords stored in plain text.
Although the forum user has named their stolen password collection after the RockYou data breach, this leak is actually more comparable to the Compilation of Many Breaches (COMB) which was the largest data breach compilation ever with 3.2bn passwords.
Surprisingly, one of the reasons RockYou2021 is so big is due to the fact that it contains all 3.2bn passwords from the Compilation of Many Breaches along with passwords from multiple other leaked databases. Based on this, it appears that the forum user has been quietly collecting leaked passwords over the years and storing them.
As there are only 4.7bn people online, the RockYou2021 compilation potentially includes the passwords of the entire global population almost two times over.
For this reason, users should check CyberNews' personal data leak checker as well as the news outlet's leaked password checker to see if any of their passwords are included in RockYou2021. If so, these passwords should be changed immediately by using either a password manager or password generator to create strong, unique passwords for each of your online accounts.
- We've also featured the best antivirus
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.