Billions of emails and passwords appear in largest data leak ever; consumers should change passwords

  • A text file containing more than 8 billion emails and passwords leaked online on Monday.
  • Dubbed “RockYou2021,” this leak is considered the largest data leak ever.
  • Security experts recommend changing your passwords.

As the war against ransomware rages on, other cybercrimes continue to run rampant as hackers have pulled off what’s being considered the mother of all data leaks.

Emails, phone numbers, and passwords from billions of accounts worldwide were recently exposed in a massive data breach, CyberNews reported. A text file containing nearly 8.4 billion emails and passwords was leaked under the moniker, “RockYou2021,” which pays homage to the original RockYou breach in 2009.

The latest leaks contains data from the original RockYou leak, in addition to data from several years’ worth of other previous attacks.

RockYou2021 is being called the largest collection of compromised account information ever. Consumers are advised to change their passwords.

What you need to know about RockYou2021

The largest password collection was leaked on a popular hacker forum where a user posted a “100GB TXT file” that contained 8.4 billion passwords, CyberNews reported. It’s believed that a portion of these passwords have appeared in previous leaks and breaches, but the author of the leak said that all of the passwords included were “6-20 characters long, with non-ASCII characters and white spaces removed.

The startling finding is just how dense this latest breach is.

“Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over,” the report said.

With the large amount of unique passwords in this latest breach, CyberNews says threat actors can use the information to “mount password dictionary and password spraying attacks” against numerous online accounts.

Password spraying is when a hacker attempts to use the same password on many accounts, first targeting generic passwords — like “password123” — before moving on to another password and repeating the process until the right password is found or they give up.

RockYou2021 comes months after more than 3.2 billion email and password combos were posted online in a leak called COMB, the Complication of Many Breaches.

Leaks and security breaches 2021

What is RockYou and the 2009 RockYou data breach

RockYou is a social media app designed to amplify the “authentic voice of multicultural millennials,” the company says. Founded in 2005, it was a popular widget that appeared on MySpace and other social networks like Facebook.

The company infamously suffered a data breach due to poor security in 2009, which resulted in over 32 million user accounts being exposed. Tech Crunch reported then that RockYou stored all of its user data in a plain text on its database, which served as easy prey for hackers to access.

Computer World said at the time that usernames were “by default the same as users’ Gmail, Yahoo, Hotmail, or other Web mail account.” Samples of the data were then leaked on a website, according to the report.

You might want to change your password

A quick scan of a personal data leak checker and its leaked password checker can help users detect whether their information appears on the list.

As always, it’s advised to change your passwords across online accounts through a strong password generator or using a password manager.