A list of 8.4 billion passwords was recently leaked to a popular hacker forum, compromising untold numbers of accounts across a vast number of websites.
This is the single largest leak of password data in history. As such, there has never been a better time or a bigger wake-up call for individuals and businesses alike to change their passwords and alter their security habits.
On June 7, 2021, a user on a hacker forum shared a 100GB TXT file containing 8.4 billion entries of passwords. To put this in perspective, 1MB of data equals 1,000,000 characters of text, and there are 100,000 MB in 100 GB. In short, this leak was massive.
The poster said the leaked passwords are all 6-20 characters long and have non-ASCII characters and white spaces removed. With the TXT file as a source, it is easy to take the passwords and plug them into other programs, increasing their usability in future attacks.
Presently, nobody knows how the responsible party sourced the passwords or to which websites they belong. That does not make the threat any less serious. In fact, it could portend a cybersecurity nightmare.
Why is the Hack Called RockYou2021?
The hack has practically nothing to do with RockYou, the bankrupt widget and social media application developer. The RockYou2021 moniker comes from a data breach in 2009 in which 32 million RockYou user accounts were compromised.
Dubbed RockYou2009, that was the largest data breach; the latest leak is similarly the largest leak of password data, and its name pays homage to the earlier one.
What Does This Mean?
The implications of the RockYou2021 leak are vast. For starters, it shows a continuing trend of hackers with malicious intent easily gaining access to private information. This attack on private citizens mirrors the ransomware hacks of the Colonial Pipeline and the meat processor, JBS.
These attacks are becoming increasingly common and potent.
Unfortunately, many people believe that a list of passwords without the attached accounts is useless, but that is not true.
As with previous breaches, the leaked passwords will be added to a growing “password dictionary”, a tool used by hackers to gain access to accounts through “credential stuffing”, a form of cyberattack. This attack is easier to carry out when the same passwords are used across different websites.
So, what does the RockYou2021 leak mean for you? Hackers have just gotten a massive upgrade in their password dictionaries, and that vast amount of data could be used for all-new, more successful attacks across many websites and apps.
What Should You Do?
Start by downloading our cybersecurity checklist to identify all the gaps in your security. Then use the tools available online to see if any passwords or emails that you use were leaked; several cybersecurity tools have parsed the leak to reveal which passwords and emails were leaked.
Whether or not your information appears on the list, it’s time to sit down and establish new, highly secure passwords for every website that you use. Educate yourself on making a proper password that is long, possible to remember, and difficult to crack. It may help to get a password manager.
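One way to apply this advice when choosing a new password, as an added example that is not from the original article: screen the candidate against a locally held list of leaked passwords. It uses the format the poster described (6-20 characters, no non-ASCII characters or white spaces) and also checks the candidate with those characters stripped out, since the description does not say whether such entries were dropped or cleaned. The sample wordlist and all function names are constructed for illustration.

```python
import hashlib
import string

# Printable ASCII minus whitespace: the character set implied by the
# poster's description of the list (assumption drawn from the article).
ALLOWED = set(string.printable) - set(string.whitespace)

# Constructed sample wordlist, one password per line (not real leak data).
SAMPLE_WORDLIST = ["123456\n", "password1\n", "qwerty123\n", "letmein2021\n", "abc\n"]


def fits_leak_format(password):
    """True if the password is 6-20 characters of non-whitespace ASCII."""
    return 6 <= len(password) <= 20 and all(c in ALLOWED for c in password)


def digest(password):
    return hashlib.sha256(password.encode("utf-8")).digest()


def build_index(lines):
    """Build a set of SHA-256 digests so the index holds no plaintext."""
    index = set()
    for line in lines:
        entry = line.rstrip("\r\n")
        if fits_leak_format(entry):  # skips "abc": too short for this list
            index.add(digest(entry))
    return index


def screen_password(candidate, index):
    """Return (accepted, reason) for a password a user wants to set."""
    stripped = "".join(c for c in candidate if c in ALLOWED)
    checks = [(candidate, "exact match in leaked list"),
              (stripped, "matches leaked list once whitespace/non-ASCII is removed")]
    for form, reason in checks:
        if fits_leak_format(form) and digest(form) in index:
            return False, reason
    return True, "not found in leaked list"


if __name__ == "__main__":
    idx = build_index(SAMPLE_WORDLIST)
    for pw in ["password1", "pass word1", "qwerty123\u00e9", "Tr1cky-Horse-Lamp"]:
        print(repr(pw), screen_password(pw, idx))
```

A password that passes this check is only absent from the list that was loaded; it still needs to be long and unique to each website.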
If possible, you should begin using 2-factor authentication for certain services. When using 2-factor authentication, you will enter your password and then receive an email or text message that confirms you are accessing the website. You need to have both the password and the permission (typically in the form of a temporary code) from the second security element to access your account.
These two upgrades to your account security could offer you increased protection against coming cyberattacks.
The RockYou2021 leak could have massive impacts across the web depending on how hackers utilize the available information. Now is the time to update your personal and business passwords to prevent the hacks from impacting you.
Don’t forget that you can seek professional aid in creating new passwords and implementing two-factor security measures; it may just save your private data from becoming public.