A massive collection of passwords has leaked online, after a user posted 8.4 billion password entries to a popular hacker forum. Exposed credentials could include private login information for Gmail, Facebook, Apple, PayPal, and more.
The forum user posted a 100GB TXT file and has dubbed the leak “RockYou2021,” which is a reference to the RockYou data breach in 2009 that exposed 32 million user passwords in a similar manner. The passwords are all up to 20 characters long, and can easily be searched within the file.
The leak was spotted by cybersecurity news website CyberNews (via BGR), whose report claims this is the largest collection of leaked passwords of all time. Initially, the leaker stated there were 82 billion passwords on the forum, but researchers have found there are only 8,459,060,239 unique entries.
The report does not state how the hacker received these passwords or whether all of these password entries are real. However, with the number of leaked password entries in the billions, there is a good chance many online users’ login credentials are on the hacker forum.
Unfortunately, many users potentially use the same password for many different platforms, meaning everything from social media profiles to cryptocurrency accounts is at risk.
Check if the hacker extracted your password
RockYou2021 potentially exposed billions of online users’ credentials, so it’s best to check if your personal data and password are part of the leak. If so, you’ll want to change your credentials.
To see whether your password has been exposed in the leak, you can use the reliable website Have I Been Pwned? to check whether your email or phone number is part of a data breach. CyberNews also set up a personal data leak checker and a leaked password checker.
The cybersecurity site states it is still uploading password entries from RockYou2021 to its database. If your password does not show up in the checker, be sure to check again later, as the password may not have been uploaded yet.
Having a password manager can help bolster your security. LastPass used to be the go-to for years thanks to its free-tier service, but there are now other contenders worth checking out.
It is also recommended that users enable two-factor authentication. Just be sure not to use your phone number as the second factor, as that will lead to even more low-level hacks.