KEY POINTS

  • A new leak exposed a staggering number of online users' credentials
  • The new leak is called RockYou2021
  • The massive password leak could be used by malicious actors

Billions of passwords were recently leaked on a hacker forum, exposing online users' credentials that could include private login information for PayPal, Apple, Gmail, Facebook and a lot more.

A 100 GB text file with a staggering 8.4 billion password entries was posted on a popular hacker forum, CyberNews reported Monday. It contained passwords taken from previous leaks and breaches. This reportedly was the largest compilation of leaked passwords.

The file containing the leaked data was dubbed RockYou2021, presumably a reference to the RockYou data breach that happened in 2009. Back then, malicious actors hacked their way into servers of social media sites and acquired over 32 million user passwords. Interestingly, while the leaker claimed that there were 82 billion passwords in the text file, researchers discovered that it had only 8,459,060,239 unique entries.


Given that there are only around 4.7 billion people online, the RockYou2021 leak contains almost twice as many passwords as there are people in the whole global online population. For this reason, users should immediately check if their passwords were included in the massive leak. According to CyberNews, with the leaked credentials, malicious actors could mount password dictionary and password spraying attacks against an unimaginable number of online accounts.

How to check if your password is leaked

Users can see if their passwords have been exposed by checking them on the site Have I Been Pwned? They can also check if their phone numbers and email addresses were part of the data breach. CyberNews also set up a leaked password checker and data leak checker on its site.

With the amount of data, it is possible that these sites are still uploading the stolen credentials to their databases. This means users should scan these lists multiple times even if their credentials did not show up during the first check. Users who want to be thorough can use a reliable password manager to bolster their security.

Aside from that, users should regularly change their passwords and must avoid using the same password on various apps and sites. Users should also look into encrypting their data via a VPN or other tools, since encryption makes it much more difficult for cybercriminals to steal user data.