RockYou2021: Over 8 Billion Passwords Stolen

By | June 12, 2021
Print Friendly, PDF & Email



RockYou2021: Over 8 Billion Passwords Stolen

On Saturdays, we try to feature something different or something important. Today, we’re featuring something important. Over eight billion passwords were stolen in the world’s largest password collection compiled from previous data leaks and breaches. 

Today’s article comes via Cybernews and we want to bring it to your attention because there’s a good chance that one or more of your passwords are in this massive compilation of user passwords. The Cybernews article tells you how to check to see if your password(s) are among the 8+ billion passwords contained in the RockYou2021 compilation.

For accounts dealing with money or highly sensitive personal information, we recommend that you change your password at least every six months. And always make sure you use a strong password containing upper and lowercase letters, numbers, and symbols. A password manager like LastPass, RoboForm, Bitwarden, or one of the many other free or commercial password managers available, makes creating strong passwords and saving them easy to do.

And now from Cybernews… all about the world’s largest collection of stolen passwords ever publish…

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

“… What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches. 

“According to the post author, all passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords. However, after running our own tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries:


“The compilation itself has been dubbed ‘RockYou2021’ by the forum user, presumably in reference to the infamous RockYou data breach that occurred in 2009 and rockyou2021.txt filename containing all passwords, when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text. 

“An example of leaked passwords included in the RockYou2021 compilation:

rockyou2021.txt sample password's list

“With a collection that exceeds its 12-year-old namesake by more than 262 times, this leak is comparable to the Compilation of Many Breaches (COMB), the largest data breach compilation ever. Its 3.2 billion leaked passwords, along with passwords from multiple other leaked databases, are included in the RockYou2021 compilation that has been amassed by the person behind this collection over several years.

“Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over. For that reason, users are recommended to immediately check if their passwords were included in the leak. 

How to check if your password was leaked?

“… We have now uploaded nearly 7.9 billion out of 8.4 billion entries in the RockYou2021 password list to our leak databases. To safely check whether your password is part of this gigantic leak, make sure to head over to the CyberNews personal data leak checker or our leaked password checker.

“Note: We take our readers’ privacy extremely seriously. To protect your privacy and security, the data that you enter in the search field is hashed, and we use only this hash to perform a search in our database. We do not collect entered emails or passwords, nothing is logged when you perform a leak check.

Potential impact

“By combining 8.4 billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts. 

“Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions.

What to do if your password was leaked?

“If you suspect that one or more of your passwords may have been included in the RockYou2021.txt collection, we recommend taking the following steps in order to secure your data and avoid potential harm from threat actors:

  • Use our personal data leak checker and leaked password checker to see if your data has been leaked in this or other breaches.
  • If your data has been compromised, make sure to change your passwords across your online accounts. You can easily generate complex passwords with our strong password generator or consider using a password manager.
  • Enable two-factor authentication (2FA) on all of your online accounts.
  • Watch out for incoming spam emails, unsolicited texts, and phishing messages. Don’t click on anything that seems suspicious, including emails and texts from senders you don’t recognize…”

Source: Cybernews

2 thoughts on “RockYou2021: Over 8 Billion Passwords Stolen

  1. L.S.

    Found two of my passwords on the breached list. Changed them both immediately using the password generator. Lesson learned. Thank you!

  2. JoninOz

    Hi Darcy & TC,

    A new quote, ‘Fools and their passwords are stolen with ease.”
    Bob Dylan type song, “They never listened are they listening now, they certaily know how.”

    Thanks for all your efforts for many years in advising computer users to Create Safe Passwords.


Leave a Reply

Your email address will not be published.