Cyber Security – Largest password collection ever leaked online on a popular hacker forum.

As an investigations and legal support service agency and a member of the ABI, we have to abide by a strict code of ethics and professional standards, adopted by the British Standards Institution as the template for BS102000, as well as be fully UK GDPR compliant. This means that security is paramount to our business.

Last week we read that the largest password collection ever has been leaked on a popular hacker forum. A user posted a 100GB text file containing over 8.4 billion passwords, possibly a combination of passwords from previous leaks and breaches.

The author of the posts stated that all of the passwords included in the leak were between 6 and 20 characters long, with non-ASCII characters and white spaces removed. They claimed the file they posted contained 82 billion passwords, but the real number upon investigation was ten times lower at 8.4 billion.

The collection of passwords has been named ‘RockYou2021’, which is very likely a reference to the data breach that happened in 2009, when cybercriminals hacked into the servers of a company that made widgets for the likes of MySpace and obtained over 32 million passwords.

It looks like the forum user in question has been quietly collecting and storing leaked passwords over the years. With 4.7 billion people online, the ‘RockYou2021’ compilation includes enough passwords for the entire global population almost two times over.

If you want to check if any of your passwords have been breached, you can go to https://haveibeenpwned.com/ to see if your email or phone is in a data breach. If so, these passwords should be changed immediately, using either a password manager or a password generator to create strong, unique passwords, and making sure they are different for each account you log into.

If you want advice on Cyber Security or IT Forensics, get in touch today.