The largest password collection of all time has been leaked on a popular hacker forum after a user posted a 100GB text file containing 8.4bn passwords that were likely combined from previous data leaks (opens in new tab) and breaches (opens in new tab).
According to the author of the post, all of the passwords included in the leak are between 6-20 characters long and all non-ASCII characters and white spaces were removed.
While the author also claims that the text file they posted contains 82bn passwords, based on tests carried out by CyberNews (opens in new tab), the actual number of passwords is almost ten times lower at 8,459,060,239 unique entries.
- We've built a list of the best password managers (opens in new tab) available
- These are the best identity management software (opens in new tab) solutions
- Also check out our roundup of the best security keys (opens in new tab)
The forum user who posted the collection of passwords has dubbed the compilation 'RockYou2021' which is likely a reference to the RockYou data breach that occurred in 2009. At the time, cybercriminals hacked their way into the servers of the company that made widgets for users' MySpace pages (opens in new tab) and were able to obtain more than 32m passwords stored in plain text.
Although the forum user has named their stolen password collection after the RockYou data breach, this leak is actually more comparable to the Compilation of Many Breaches (COMB (opens in new tab)) which was the largest data breach compilation ever with 3.2bn passwords.
Surprisingly, one of the reasons RockYou2021 is so big is due to the fact that it contains all 3.2bn passwords from the Compilation of Many Breaches along with passwords from multiple other leaked databases. Based on this, it appears that the forum user has been quietly collecting leaked passwords over the years and storing them.
As there are only 4.7bn people online, the RockYou2021 compilation potentially includes the passwords of the entire global population almost two times over.
For this reason, users should check CyberNews' personal data leak checker (opens in new tab) as well as the news outlet's leaked password checker to see if any of their passwords are included in RockYou2021. If so, these passwords should be changed immediately by using either a password manager (opens in new tab) or password generator (opens in new tab) to create strong, unique passwords for each of your online accounts.
- We've also featured the best antivirus (opens in new tab)
Via CyberNews (opens in new tab)