A new collection of passwords leaked from various Internet databases is currently circulating on the web.
This is RockYou2021, a compilation of 3.2 billion passwords that has set off alarms again and reminded us how important it is to maintain certain security measures for our data.
The biggest password leak in history
Just a few months ago we were concerned about a massive Facebook data leak that compromised more than 500 million users, but what is happening now goes considerably beyond that in scale.
This new collection of passwords was built by compiling a wide range of data obtained from similar leaks carried out in the past. It takes its name from RockYou, a 2009 incident with similar characteristics but much smaller in scope. Even so, at the time it caused widespread alarm by exposing 32 million passwords in plain text.
The vast volume of data contained in RockYou2021 almost doubles the number of users currently using the internet. For this reason, its reach could be truly wide-ranging.
Even if we are creative when choosing passwords and take extreme security measures on our side as users, the sheer number of digital services available to us means there are times when the security measures used to protect our information are not enough, and that is precisely where cybercriminals obtain it.
In our guide to creating strong passwords, we have a section in which we explain a method to verify whether our information has been involved in an incident of this kind. An indispensable tool is Have I Been Pwned, which is constantly updated with this information so that we can check against it.
The scope of this leak is incalculable. Those with access to this database could use the information to carry out attacks that randomly try combinations of passwords and usernames or emails.
The report of the existence of RockYou2021 originated in hacker forums and was picked up by various media outlets. Portals like Cybernews claim, based on this information, that all the passwords involved in this leak have non-ASCII characters between 6-20 characters each, with blanks removed.
Situations like this remind us not only of the importance of using secure passwords, which ideally should not be repeated between services, but also of the need to stay alert to possible phishing attacks.