Someone has posted, on a popular hacker forum, a huge .TXT file weighing 100GB. Its content? More than 8.4 billion passwords. Yes, we have written the figure correctly: it is the largest collection of passwords of all time, although it gets there by grouping data from several previous leaks.
In fact, the data from what until now was the largest collection of passwords, known as COMB or 'Compilation of Many Breaches' (3.2 billion passwords), is included in this collection, which has been christened 'RockYou2021' by the user who uploaded it...
… who, by the way, at first announced that it offered the exaggerated figure of 82,000 million passwords, as if the size of a list like this needed exaggerating.
Everything indicates that the name refers to the famous RockYou data breach that occurred in 2009, when attackers managed to seize 32 million passwords that had been stored as plain text. Yes, those passwords have also been included in RockYou2021.
The description provided by the collection creator indicates that the included passwords are between 6 and 20 characters in length, and that non-ASCII characters and whitespace have been removed.
Dictionary Maker's Dream… For Brute Force Attacks
But why is the existence of this file relevant, beyond its surprising size? Let's stop for a moment to think: data indicates that 'only' 4.7 billion humans have access to the internet today. That means that potentially this collection could include two of your passwords (possibly more if you have been on the Net for many years).
For that reason, users are advised to immediately verify whether their passwords are included in RockYou2021. CyberNews offers a tool for this, its Leaked Password Check, although it warns that it will not finish uploading all of the compilation's data until tomorrow.
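The same check can be run offline against a local breached-password list in a single streaming pass. This is an added example, not code from the article or from CyberNews; the function names and the sample entries are constructed for illustration, and the format filter assumes only what the collection's description states (6 to 20 characters, no non-ASCII, no whitespace).

```python
# Constructed sample standing in for a (much larger) breached-password list.
SAMPLE_WORDLIST = b"123456\niloveyou1\r\nqwerty12\n"

MIN_LEN, MAX_LEN = 6, 20  # length range given in the collection's description


def fits_list_format(password: str) -> bool:
    """True if the password could appear verbatim in a list with that format."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        return False
    return password.isascii() and not any(c.isspace() for c in password)


def find_exposed(candidates, wordlist_lines):
    """Return the candidates that appear in the wordlist.

    wordlist_lines is any iterable of bytes lines, e.g. a file opened in
    'rb' mode. It is read once, line by line, so memory use does not grow
    with the size of the list.
    """
    # Candidates outside the described format cannot match any entry.
    pending = {c.encode("ascii") for c in candidates if fits_list_format(c)}
    found = set()
    for raw in wordlist_lines:
        entry = raw.rstrip(b"\r\n")
        if entry in pending:
            found.add(entry.decode("ascii"))
            pending.discard(entry)
            if not pending:  # every candidate already located
                break
    return found


if __name__ == "__main__":
    # Constructed candidate passwords for the demonstration.
    mine = ["iloveyou1", "short", "Tr0ub4dor&3x"]
    exposed = find_exposed(mine, SAMPLE_WORDLIST.splitlines(keepends=True))
    for pw in mine:
        print(f"{pw!r}: {'EXPOSED' if pw in exposed else 'not in this list'}")
```

A password that is not found is only absent from this particular list; it can still be weak or exposed elsewhere.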
And, thanks to the enormous representativeness of this data sample, cybercriminals can use it to create their own password dictionaries to improve the effectiveness of their brute-force attacks and, after cross-referencing it with email lists, of their 'password spraying' attacks.
To avoid being a victim of these attacks, remember the usual tips in these cases: change passwords regularly, do not reuse them across different online services, use sufficiently complex passwords (use a password manager to help you remember them), and activate two-factor authentication whenever possible.