Back in 2009, threat actors hacked into the website servers of social app RockYou, accessing over 32 million user passwords stored in plaintext. Now, in what appears to be the largest data breach in history, attackers have compromised 262 times as many passwords. With 3.2 billion leaked passwords from multiple databases, this attack has been dubbed RockYou2021.
As only 4.7 billion users utilize the Internet, RockYou2021 could actually involve the passwords of nearly twice the global population. Therefore, users should immediately check whether their passwords were affected by this leak. Users can check for password compromise using the website Have I Been Pwned or the CyberNews personal data leak checker.
Threat actors can take advantage of the RockYou2021 password collection by combining 8.4 billion unique password variations with existing breach compilations of email addresses and usernames. The hackers could then use these credentials for dictionary and password spraying attacks against an unknowable number of online accounts.
So far, research suggests that all of the passwords involved in this leak have non-ASCII characters and are between 6 and 20 characters long, with white spaces removed.
If you believe that one or more of your passwords may have been compromised in the RockYou2021 breach, you can take mitigation steps by immediately changing your passwords for all of your online accounts. In fact, using a password manager can help you create strong, complex passwords that don’t have to be easy to remember. Furthermore, you can enable two-factor authentication (2FA) on all of your accounts.
Finally, as always, closely examine all unsolicited spam emails, calls and text messages for potential phishing activity. Most importantly, never click on links or download any executables in messages that you weren’t expecting or from senders you don’t recognize.