Date: 2021-06-09

A user on a popular hacking-related forum has posted the largest collection of leaked passwords ever. The collection, called RockYou2021, appears to be a compilation of passwords obtained from other leaks and security breaches. The user claims to have 82,000 million passwords, although analysis by CyberNews, the outlet that reported on the file, reveals that it actually includes 8,459,060,239 unique entries.

According to the author of the post and as reported by CyberNews, all the passwords are between six and 20 characters long and contain no non-ASCII characters or blank spaces. In other words, they are plaintext passwords of up to 20 characters. All of them are in a 100GB .txt file that includes COMB’s 3.2 billion passwords, which until now was the largest collection of leaked passwords in history.

A huge collection of passwords

Sample of leaked passwords.

RockYou2021 appears to be a reference to RockYou, the platform that was compromised in 2009 and from which 32 million plaintext passwords were extracted. RockYou2021, however, is 262 times bigger than that, and more impressive even than the Compilation of Many Breaches (COMB), which until now was the largest collection of passwords in history.

COMB had 3.2 billion passwords leaked in different security breaches and is now part of RockYou2021, which is more than twice as large. According to CyberNews, “considering that only about 4.7 billion people are online, in numerical terms, the RockYou2021 compilation potentially includes the passwords of the entire world population online almost twice.”

The collection does not include the email addresses or usernames associated with the passwords, but that does not make it any less important. Why? Because it could be used to build password dictionaries for attacks known as “password spraying”. Unlike brute-force attacks, which focus on breaking a single account by trying all passwords, spraying attacks attempt to access a large number of accounts with a few commonly used passwords.

For example, instead of trying 8.4 billion passwords against a single account, the attacker tests a common password, such as “123456” or “password”, against many accounts before moving on to the second most common password, and so on. That way the attack stays under the radar of account lockout systems.
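As an added example (not part of the original article), the sketch below shows why per-account lockout counters miss this pattern and how counting distinct accounts per source over a time window surfaces it. The event format, function names, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def _t(hhmmss):
    return datetime.fromisoformat("2021-06-09T" + hhmmss)

# Constructed sample events (timestamp, source IP, account, success); not real logs.
EVENTS = [
    (_t("10:00:05"), "203.0.113.7", "alice", False),
    (_t("10:00:40"), "203.0.113.7", "bob", False),
    (_t("10:01:10"), "203.0.113.7", "carol", False),
    (_t("10:01:55"), "203.0.113.7", "dave", False),
    (_t("10:02:30"), "203.0.113.7", "erin", False),
    (_t("10:03:05"), "203.0.113.7", "frank", False),
    (_t("10:04:00"), "198.51.100.4", "grace", False),
    (_t("10:04:20"), "198.51.100.4", "grace", False),
    (_t("10:04:45"), "198.51.100.4", "grace", True),
]

def locked_accounts(events, threshold=5):
    """Per-account view: accounts with at least `threshold` failed logins."""
    fails = Counter(acct for _, _, acct, ok in events if not ok)
    return sorted(a for a, n in fails.items() if n >= threshold)

def spray_suspects(events, window=timedelta(minutes=10), min_accounts=5):
    """Per-source view: sources failing against many distinct accounts in `window`."""
    by_src = defaultdict(list)
    for ts, src, acct, ok in sorted(events):
        if not ok:
            by_src[src].append((ts, acct))
    suspects = {}
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            accounts = {a for _, a in fails[start:end + 1]}
            if len(accounts) >= min_accounts:
                suspects[src] = max(suspects.get(src, 0), len(accounts))
    return suspects

if __name__ == "__main__":
    print("locked accounts:", locked_accounts(EVENTS))
    print("spray suspects:", spray_suspects(EVENTS))
```

In the sample, no account reaches the lockout threshold because each one sees a single failure, while the per-source count flags the one address that failed against six different accounts in about three minutes.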

That is precisely what this database is used for: seeing which passwords are the most common. For example, the word “password” has been leaked 1,969,083 times and “123456” has been leaked 8,613,459 times. You can check yours on the CyberNews website. If your password has been leaked, change it and, while you are at it, enable two-step authentication. You can even opt for a hardware solution such as a security key.

Via | CyberNews