RockYou2021 compilation leaks between 8.4 billion and 82 billion passwords
According to CyberNews, someone has shared a 100 GB text file that purportedly contained around 82 billion password entries. Shared on a hacker forum, the TXT file allegedly actually contains 8,459,060,239 unique entries. As CyberNews notes, the file is similar to the Compilation of Many Breaches (COMB) or breachcomp2.0 (COMB) that had 3.2 billion entries. Incidentally, the so-called RockYou2021.txt collates the passwords contained in the earlier COMB leaks.
It is unclear if the RockYou2021.txt file contains valid passwords, but its file size alone makes it challenging to trawl. CyberNews assumes that at least the passwords that were taken from breachcomp2.0 are, or were, legitimate. All passwords in RockYou2021.txt have between 6 and 20 characters; non-ASCII characters and white spaces have been removed. Ultimately, while RockYou2021.txt may not necessarily contain any new passwords. However, collating previous databases into one large one makes it simpler for hackers to search before attempting a password dictionary attack.
In our opinion, the publication of RockYou2021.txt underlines the importance of using unique passwords and, more importantly, two-factor authentication (2FA) or multi-factor authentication (MFA). Currently, CyberNews is updating its databases to account for the RockYou2021 compilation. CyberNews stresses the following regarding its personal data leak checker and leaked password checker:
We take our readers’ privacy extremely seriously. To protect your privacy and security, the data that you enter in the search field is hashed, and we use only this hash to perform a search in our database. We do not collect entered emails or passwords, nothing is logged when you perform a leak check.
CyberNews via TechRadar, Markus Spiske - Image credit