Largest collection of passwords ever has been leaked online

Passwords
(Image credit: Shutterstock)
Audio player loading…

The largest password collection of all time has been leaked on a popular hacker forum after a user posted a 100GB text file containing 8.4bn passwords that were likely combined from previous data leaks (opens in new tab) and breaches (opens in new tab).

According to the author of the post, all of the passwords included in the leak are between 6-20 characters long and all non-ASCII characters and white spaces were removed. 

While the author also claims that the text file they posted contains 82bn passwords, based on tests carried out by CyberNews (opens in new tab), the actual number of passwords is almost ten times lower at 8,459,060,239 unique entries.

The forum user who posted the collection of passwords has dubbed the compilation 'RockYou2021' which is likely a reference to the RockYou data breach that occurred in 2009. At the time, cybercriminals hacked their way into the servers of the company that made widgets for users' MySpace pages (opens in new tab) and were able to obtain more than 32m passwords stored in plain text.

RockYou2021

Although the forum user has named their stolen password collection after the RockYou data breach, this leak is actually more comparable to the Compilation of Many Breaches (COMB (opens in new tab)) which was the largest data breach compilation ever with 3.2bn passwords.

Surprisingly, one of the reasons RockYou2021 is so big is due to the fact that it contains all 3.2bn passwords from the Compilation of Many Breaches along with passwords from multiple other leaked databases. Based on this, it appears that the forum user has been quietly collecting leaked passwords over the years and storing them.

As there are only 4.7bn people online, the RockYou2021 compilation potentially includes the passwords of the entire global population almost two times over.

For this reason, users should check CyberNews' personal data leak checker (opens in new tab) as well as the news outlet's leaked password checker to see if any of their passwords are included in RockYou2021. If so, these passwords should be changed immediately by using either a password manager (opens in new tab) or password generator (opens in new tab) to create strong, unique passwords for each of your online accounts.

Via CyberNews (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.