Blog Archives

Hackers harvest 8.4 billion passwords

Hackers released data on 8.4 billion passwords this week and posted the information online. This might be the largest dump of passwords online ever.

Surprisingly, this is not making many headlines in the mainstream media.

Published June 8, 2021 – BGR MSN reported:

This news comes via the team at CyberNews, which reports that a 100GB text file containing a staggering 8.4 billion password entries was just leaked on a popular hacker forum. This data set presumably combines passwords stolen via previous data breaches and leaks, and it’s been dubbed the “RockYou2020” password leak on that hacker forum. That name was apparently chosen, per CyberNews, as a nod to the RockYou data breach from back in 2009, “when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text.”

If you’re reading these words, suffice it to say you probably need to change your passwords. Today, even. That’s because this new password leak is comparable in scale to the so-called “Compilation of Many Breaches,” or COMB, that we wrote about earlier this year. That previous compilation was essentially a giant database of more than 3.2 billion email-and-password pairings based on existing data that had been stolen as part of previous breaches and leaks from companies like Netflix and LinkedIn.

This new leaked password dataset, of course, is more than double that previous collection. And when you stop and consider that there are more than 7 billion people in the world, this means that there’s a strong likelihood that one of your myriad passwords is very likely caught up in this leak. CyberNews is recommending that anyone who wants to check and see if their passwords are included in this dataset should visit the CyberNews personal data leak checker or the leaked password checker, where password entries from the RockYou2021 compilation are being uploaded.

“By combining 8.4 billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts,” CyberNews notes.

%d bloggers like this: