The most extensive data leak collection to date, dubbed ‘RockYou2021’, was dumped on popular hacking forums earlier this month.
According to a CyberNews report, a forum user posted a 100GB text file with 8.4 billion password entries, presumably obtained from previous data leaks and breaches.
Despite the author’s claims that the document contains 82 billion passwords, researchers noted that the “actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries.”
In a description provided by the post’s creator, it was revealed that the passwords are between 6 and 20 characters in length, with non-ASCII characters and white spaces removed.
The researchers also emphasized that the RockYou2021 data leak is comparable to the leak of the giant database known as Compilation of Many Breaches, or COMB, dumped earlier this year.
“Its 3.2 billion leaked passwords, along with passwords from multiple other leaked databases, are included in the RockYou2021 compilation that has been amassed by the person behind this collection over several years,” said CyberNews investigators in the report.
What are the risks?
Cybercriminals can use the database to conduct password-spraying or brute force attacks. In this form of attack, malicious actors try a list of common passwords on many online accounts to gain access and compromise the user.
Moreover, user exposure to account compromise increases seven-fold due to bad cyber habits such as password reuse and recycling, potentially leading to account takeover on numerous apps, websites and platforms.
What should users do?
The extent of this data leak leaves little room for debate on whether one of your account passwords has been exposed. As such, users should consider resetting passwords wherever possible.
Remember to use a complex and hard-to-guess password and enable two-factor authentication (2FA) on all compatible online accounts. If you’re having trouble remembering or keeping track of your passwords, look up a trustworthy password manager.
The data breach pandemic is here to stay, affecting millions of internet users each year. The more you know and control, the easier it is to manage your online data and persona and reduce your risks.
Start by checking if your personal information has been stolen or made public on the internet with Bitdefender’s Digital Identity Protection tool, only with your e-mail address and phone number.
Click to Open Code Editor