In the past few years, we have reported several record-breaking password data collections, pointing at large-scale data breaches. It seems that one of the largest such collections, dubbed RockYou2021, has now been shared on a popular hacker forum. Allegedly, the collection is made of 8.4 billion passwords collected in a 100GB text file. The most likely scenario is that the collection is compiled of previous data breaches.
The RockYou2021 Password Collection
According to Cyber News, the creator of the forum post says that all passwords are between 6 and 20 characters long, with all non-ASCII characters (a character encoding standard for electronic communication) and white space removed. Cyber News carried out some tests and figured out that the text file contains 8,459,060,239 unique entries.
The RockYou2021 name is most likely related to the infamous RockYou data breach that took place in 2009, when hackers breached the social app website’s servers and stole at least 32 million user passwords in plain text.
“Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over. For that reason, users are recommended to immediately check if their passwords were included in the leak,” the researchers said. To check if any of your passwords have been breached, you can use the Have I Been Pwned service maintained by Troy Hunt. If any of your passwords were compromised, you should change them immediately, using a unique, complex password for each of your accounts.
With a collection that exceeds its 12-year-old namesake by more than 262 times, this leak is comparable to the Compilation of Many Breaches (COMB), the largest data breach compilation ever,” Cyber News said.
The COMB21 Data Leak
The COMB21 data leak consists of 3.28 billion passwords connected to 2.18 million unique email addresses. Furthermore, the leak also includes 1,502,909 passwords linked to email addresses from government domains from around the world. The United States government “leads” with 625,505 of exposed passwords, followed by the U.K with 205,099, Australia with 136,025, Brazil with 68,535, and Canada with 50,726 passwords.
The exposed credentials stem from a colossal 100GB dataset known as COMB21, standing for Compilation of Many Breaches. The data was published for free on an underground forum earlier this year, exposing information from different leaks associated with various organizations over the years.