New 8.4 billion password hack breaks records
If Guinness has a world record for password leaks, then there’s a new all-time champion. Security experts say the largest password collection ever has been posted online, representing 8.4 billion entries altogether. That eclipses an earlier record of 3 billion passwords hacked in February.
The password collection -- dubbed “RockYou2021” by forum members -- is thought to be a compendium of passwords cobbled together from other data breaches. When CyberNews’ Edvardas Mikalauskas ran the numbers on the leak, he found them to be rather unnerving.
“Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over,” theorized Mikalauskas.
If a deft threat actor combined those 8.4 billion unique password variations with other breach compilations that contain usernames and email addresses, it could mean big trouble. They could potentially leverage the RockYou2021 collection to create password dictionaries and use password spraying attacks against a limitless number of user accounts.
“Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions,” Mikalauskas said.