
Bad news! 8.4B bad passwords leaked online – Check for yours

Earlier this year, the biggest online hack rocked the technology world. A combination of usernames, passwords, and private credentials leaked online, totaling 3.8 billion records. The information itself wasn’t hacked by the person responsible but rather compiled into a massive data dump.

At the time, it was dubbed the “Compilation of Many Breaches,” or COMB for short, with a database topping 41GB. It contained information from LinkedIn, Netflix, Minecraft, Badoo, Bitcoin and Pastebin users. As a result, it’s a huge security risk.

That record didn’t last long, though. Another collection of online data popped up on a popular hacker forum, and it towers over the previous champion. So naturally, this isn’t a great discovery for anybody who has an online profile of any kind.

Here’s the backstory

Cybersecurity experts have been trying to wrap their heads around the latest discovery of stolen passwords and usernames on a hacking forum. Where the previous biggest compilation contained 41GB of information, this collection is an astonishing 100GB.

Posted to the forum by a user, the file dump contains 8.4 billion entries and has been named RockYou2021. This is seemingly a reference to the RockYou breach from 2009, which leaked Facebook and MySpace account details.

But just like the COMB compilation, RockYou2021 is also a combination of databases from various hacks and breaches. The latest file dump also includes the data from COMB.

The original poster of RockYou2021 claims that all passwords in the file dump are six to 20 characters long with non-ASCII characters and white spaces removed. According to Cybernews, which ran its own analysis of the file dump, the sheer number of passwords included should have everybody on edge.

“Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over. For that reason, users are recommended to immediately check if their passwords were included in the leak,” Cybernews wrote.

What you can do about it

We are huge advocates for changing all your passwords at least once every two months. Not just for email or social media platforms, but for anything that can link information back to you. If that seems a bit excessive to you, use a password manager.

Password managers create complex credentials for you and store them securely. You only need to remember your master password, and with that, you access all your sites and profiles. It can save you a lot of heartache in the future.

The next step would be for you to check if your personal data has been included in any of the latest breaches and file dumps.

Cybernews has set up its own leaked password checker as well as a Personal Data Leak Checker. You should also combine your online check with the hugely popular HaveIBeenPwned website. The websites will scan the data to see if your passwords or email addresses have been exposed.

If they have, you must immediately change them.
