The largest password collection of all time has been leaked on a popular hacker forum after a user posted a 100GB text file containing 8.4bn passwords that were likely combined from previous data leaks and breaches.
According to the author of the post, all of the passwords included in the leak are between 6-20 characters long and all non-ASCII characters and white spaces were removed.
While the author also claims that the text file they posted contains 82bn passwords, based on tests carried out by CyberNews, the actual number of passwords is almost ten times lower at 8,459,060,239 unique entries.
- We've built a list of the best password managers available
- These are the best identity management software solutions
- Also check out our roundup of the best security keys
The forum user who posted the collection of passwords has dubbed the compilation 'RockYou2021' which is likely a reference to the RockYou data breach that occurred in 2009. At the time, cybercriminals hacked their way into the servers of the company that made widgets for users' MySpace pages and were able to obtain more than 32m passwords stored in plain text.
Although the forum user has named their stolen password collection after the RockYou data breach, this leak is actually more comparable to the Compilation of Many Breaches (COMB) which was the largest data breach compilation ever with 3.2bn passwords.
Surprisingly, one of the reasons RockYou2021 is so big is due to the fact that it contains all 3.2bn passwords from the Compilation of Many Breaches along with passwords from multiple other leaked databases. Based on this, it appears that the forum user has been quietly collecting leaked passwords over the years and storing them.
As there are only 4.7bn people online, the RockYou2021 compilation potentially includes the passwords of the entire global population almost two times over.
For this reason, users should check CyberNews' personal data leak checker as well as the news outlet's leaked password checker to see if any of their passwords are included in RockYou2021. If so, these passwords should be changed immediately by using either a password manager or password generator to create strong, unique passwords for each of your online accounts.
- We've also featured the best antivirus