RockYou2021: largest password compilation with 8.4 billion entries

MonSpyder9

Thread author
What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.

According to the post author, all passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords. However, after running our own tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries:

[Image: rockyou2021-number-of-entries.png]
A MAJOR leak this time. I think it's safe to say nearly all of us will be affected in some way. Are you guys changing passwords already?
 

Ink

LastPass Premium:

1Password:

Google Chrome users:

Microsoft Edge users:
 

Gandalf_The_Grey

Bitwarden Paid:
Vault Health Reports can be used to evaluate the security of your Bitwarden Personal or Organization Vault.

Note

Vault Health Reports are available for Premium users, including members of Paid Organizations (Families, Teams, or Enterprise).
 

MonSpyder9

Thread author
That hasn't been the important thing for a long time already.
People need to learn to use 2FA and website devs need to learn to provide 2FA, especially FIDO2.
But you can't have 2FA everywhere and it has its own risks, no? I'm not sure if I want to give my number to all the random sites I have to register on just to log in.
 

ForgottenSeer 85179

But you can't have 2FA everywhere and it has its own risks no? I'm not sure if I want to give my number to all random sites I have to register just to login.
You can do that on all sites which support it.

You're confused. 2FA doesn't mean that you need to give them your phone number. That's the worst 2FA method and shouldn't be used as it can be bypassed with stuff like SS7.
Sites provide a backup code at 2FA setup which you should store securely. Then there's no risk at all.
2FA can also be realized with hardware keys, which is called FIDO(1) and FIDO2.
 

Ink

I'm not sure if I want to give my number to all random sites I have to register just to login.
SMS and Email are not secure methods for 2FA.

A mobile number is NOT required for Authentication apps, or hardware keys.
 