Are you affected by the biggest password leak in history? Here's how to check...

·2-min read
The biggest password leak in history was discovered by the CyberNews website on a forum for hackers.

More than eight billion passwords in a 100 Gigabyte text file -- that's a leak which, in the wrong hands, could do considerable damage. In fact, using techniques like "brute force" and "dictionary attack," hackers can test a considerable number of passwords in a flash to crack web users' secret passcodes.

It's the biggest password leak in the history of the internet. About 8.4 billion confidential passwords have been made available in a 100 Gigabyte text file named "RockYou2021." All of this data comes from old leaks and new discoveries by hackers. While a claim has been made that a list contains 82 billion passwords, the CyberNews site only counts 8,459,060,239 unique entries in the text file.

The name RockYou may ring a bell. Indeed, in 2009, an application called RockYou was attacked by a group of hackers, allowing them to recover 32 million user passwords. And, at the time, RockYou stored this information in a simple plain text file, allowing anyone to read and understand it instantly.

"Brute force" and "dictionary attack"

To give you some idea of scale, various sources consider that between 4 and 4.7 billion people are connected to the internet worldwide. In other words, virtually all passwords of web users around the world could potentially be affected. Therefore, internet users are advised to check whether their passwords are included in the leak.

If all this seems insignificant, bear in mind that it doesn't necessarily take long for hackers to test a list featuring an innumerable number of passwords, in its entirety. By using "brute force" techniques combined with a "dictionary attack," it's possible to test them in a few minutes for the shortest ones (about eight characters) or up to several days for the longest ones (16 to 20 characters). According to the author of the message, all the passwords included in the leak are six to 20 characters long.

With this list of unique passwords -- which sometimes includes usernames and email addresses -- hackers can use the data to attack countless accounts in a matter of moments. Users can check if their password is part of the leak by using the CyberNews checker tool or an alternative version , where the compromised passwords are in the process of being uploaded. For the moment, only a part of the RockYou2021 list is available for checking, so it's wise to check again in the next few days.

It's important for anyone using the internet to have a reliable and secure password. Follow tips on choosing a secure password and remember to change it regularly .

Axel Barre