8.4 billion passwords have been posted on a hacking forum

Jun 9, 2021 05:32 GMT  ·  By

The world's largest password collection was posted on a prominent hacker forum. A member submitted a 100 GB text file containing 8.4 billion passwords, most likely compiled from previous data breaches and security breaches, according to Cyber News.  

The creator of the post claims that all passwords are between 6 and 20 characters long, with all characters non-ASCII characters and white spaces removed.

While the author claims that the text file he provided contains 82 billion passwords, tests by CyberNews show that the actual number of passwords is almost ten times smaller at 8,459,060,239 unique entries.

The password collection was dubbed RockYou2021 by the submitting forum user, presumably in reference to the 2009 RockYou data breach, when fraudsters gained access to the servers of a company that created widgets for MySpace and obtained more than 32 million passwords stored in plain text.

RockYou2021 contains new disclosed passwords collected over the years 

Even though the forum user named his stolen password collection after the RockYou data breach, this leak is more in line with the Compilation of Many Breaches (COMB). COMB was the largest data breach collection of all time with 3.2 billion credentials.

One of the reasons RockYou2021 is so large is that it contains all 3.2 billion passwords from the Compilation of Many Breaches, as well as passwords from other disclosed databases. This suggests that the forum user has been discreetly collecting and storing leaked passwords over the years.

Since there are only 4.7 billion people online, the RockYou2021 collection may contain the passwords of nearly two-thirds of the world's population.

For this reason, you should check both CyberNews' Personal Data Leak Checker and the Leaked Password Checker to see if your credentials are included in RockYou2021.

If so, you should change your passwords immediately by using a password manager or password generator to create strong, unique passwords for each of your online accounts.