RockYou2021: Largest data breach jeopardizes 8.4Bn PWs

RockYou2021. The name seems oddly fitting for a data leak so large that it literally rocked the world. The leak is touted to be the largest in history, and consists of a series of some 8.4 billion passwords and other data, posted on a hacker forum in the form of a huge TXT file (100GB in size). The leak presumably isn’t a fresh one, and instead is believed to be an amalgamation of many previous leaks.

The news was first revealed on June 7 by CyberNews, after its experts carried out a thorough analysis of the claims made by the poster, who said that the file contains as many as 82 billion passwords, all 6-20 characters long, and with non-ASCII characters and white spaces removed. However, it turned out that the actual number was much lower. Nevertheless, it is officially the biggest credentials leak in history. The recorded number of passwords leaked stands at 8,459,060,239 unique entries.

Relation to 2009, While Overtaking COMB

The nickname of the hack is apparently a tribute of sorts to RockYou, a large (though still 262 times smaller than its 2021 successor) data breach that took place 12 years ago, in 2009. Back then, the file name had been rockyou2021.txt, with over 32 million passwords being leaked as threat actors invaded the servers of social media sites.

This data breach overtakes the Compilation of Many Breaches (COMB), which previously held the title of the largest ever data breach at 3.2 billion leaked passwords. COMB, along with leaks from multiple other databases, has also been compiled into RockYou2021.

[Image: RockYou2021 surpasses COMB. Image credit: CyberNews]

Concerning News

Experts are quite concerned about the leak, since only about 4.7 billion people in the world have access to one type of social platform or another. This means that the database could potentially contain multiple password entries for millions of users, at the least. As such, all users have been advised to check the database as soon as possible to confirm whether or not their credentials were compromised.

Legitimacy Issues and User Protection

Many views are rapidly emerging on the legitimacy and accuracy of the leaked data. Some experts even hold that the actual number of authentic passwords stands at more than 800 million, with the remaining billions of passwords being fake and a way to attract publicity.

Nevertheless, users are also being advised to protect themselves, preferably by frequently changing their passwords or using password managers.