The biggest password leak of all time has appeared on a popular hacker forum after a user posted a 100GB text file, which contained 8.4 billion passwords that were probably combined from previous data leaks and breaches, reports Cybernews.
The forum user who posted the collection of passwords has entitled the collection as ‘RockYou2021’ which is probably a reference to the RockYou data breach that happened back in 2009,
“when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text.”
Despite the forum user naming their stolen password collection after the RockYou data breach, this leak is rather more or less similar to the Compilation of Many Breaches (COMB) which was the largest data breach compilation ever with 3.2 billion passwords.
As it seems, one of the reasons RockYou2021 is so big is due to the fact that it contains all 3.2 billion passwords from the Compilation of Many Breaches along with passwords from various other leaked databases.
Considering this, it seems that the forum user has been quietly collecting leaked passwords over the years and storing them.
As there are only 4.7 billion people online, the RockYou2021 compilation probably includes the passwords of the entire global population nearly two times.
“By combining 8.4 billion ( 8,459,060,239) unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts.”
“Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions.”
Consequently, users are advised to check CyberNews‘ personal data leak checker as well as the news outlet’s leaked password checker to see if any of their passwords are included in RockYou2021. If so, these passwords should be changed instantly.