Consider the threat of 8.5 billion password leaks. It is our present reality, and you may never have heard of it. Hackers call it RockYou2021, and the few who report it treat it as a game defense that changes the game to a popularity we’ve never seen before. Is this an exaggeration? Was RockYou2021 so bad if none of us had ever heard of it? Let’s separate the truth from the myth.
RockYou2021: What happened?
When RockYou2021 news first surfaced in early June, 2021, it was soon dubbed “the biggest password leak in Internet history,” far surpassing RockYou’s original 2009 leak involving more than 32 million passwords. Initially, RockYou2021 was said to enter 82 billion passwords – in fact, the number is almost 1/10 of that: 8.459 billion passwords. Clearly, more than 250 times the size of RockYou2009, this is still the most significant number of passwords to be disclosed.
RockYou2021 was sent as a 100 GB text file to the most popular (anonymous) forum for hackers. Each of the approximately 8.5 million passwords is between 6 and 20 characters long, with all white spaces and non-ASCII characters removed from the text. Larger clusters like these allow hackers and criminals to do what is known as “password spraying,” which involves trying a large number of usernames and passwords in a very short time to get an account.
Contents of leaks?
After extensive research, the bulk of RockYou2021 is actually just a collection of many cracked dictionaries. This cracker dictionary contains the most widely used and easily guessed passwords used in spray password attacks. To be clear, these are by no means passwords linked to anyone else, but there are passwords that are widely used by many different accounts.If it were a movie, it would be a re-released release full of deleted groups.
How Can You Set Your Passwords?
Change your password often, keep it complicated, and keep it safe with your favorite password manager.