‘RockYou2021’ Data Breach: How to Know if Your Password has been Leaked
A data breach is one of the things you fear every time you surf the internet. That fear materialized when social widget developer RockYou leaked over 32 million user accounts in what was the largest data breach of 2009.
This incident twelve years ago became an "inspiration" for a new data breach in which 8.4 billion user accounts, including passwords, were leaked online in the form of a .txt file.
According to a report by Cybernews.com, the leak started as a post on a hacker forum where a user posted the 100GB .txt file. According to that post, the .txt file consists of passwords, all of which are 6-20 characters long, with non-ASCII characters and white spaces removed.
For folks asking about 8.4B record “RockYou2021” password list that’s in the news today, this is an aggregation of multiple other lists. For example, this password cracking list: https://t.co/D72MJxk051 — Troy Hunt (@troyhunt) June 8, 2021
In a test made by the same website, it found that the .txt file contains a total of 8,459,060,239 unique entries.
Named "rockyou2021.txt," it was inspired by the RockYou data breach of 2009, where data from 32 million user accounts was leaked, including passwords from accounts connected to a RockYou-made app or to sites using their service, including social media sites like Facebook and MySpace.
The company stored these passwords in plain text in an unencrypted database and sent them to users over an unencrypted network when a user wanted to recover a profile or forgot a password.
Aside from that, according to an article by Techcrunch.com regarding the incident, RockYou had poor security policies, especially in terms of passwords. These ranged from setting the minimum password length at 5 characters, to not requiring users to use mixed-case passwords, to not letting them use numbers and punctuation marks.
But "rockyou2021.txt" is not the only data breach that happened this year. On February 2, more than 3.2 billion unique pairs of cleartext emails and passwords, all of which were used for social media accounts, streaming services, and cryptocurrency, were leaked on an online hacking forum.
Called COMB, or the Compilation of Many Breaches, the leak was considered by Cybernews.com as "The Mother of all Data Breaches."
The Threat of "rockyou2021.txt"
The leak of "rockyou2021.txt" poses a threat to the web security of almost everyone who uses the internet.
According to Techxplore.com, threat actors can take advantage of the leak by combining unique password variations with existing breach compilations of email addresses and usernames. Hackers can also use the leaks for dictionary and password spraying attacks against any number of online accounts.
Cybernews.com also noted that "millions, if not billions" of online accounts can be potential targets of such online attacks, since most people reuse passwords across multiple accounts in apps and websites.
How to Know if Your Password was Leaked? And What to Do?
With the threat coming from the "rockyou2021.txt" data breach, many people now suspect that their passwords are included in the breach.
Cybernews.com has special sites dedicated to checking whether the password you use for your email address is susceptible to data breaches or is part of any data breach. These sites, according to them, house 988,131,959 exposed passwords and 15,212,645,925 breached accounts.
Apart from checking, you must also change the passwords of your online accounts. You can generate one on your own or use a password manager like the one Google made.
You must also consider enabling two-factor authentication (2FA), which doubles the protection of your online data by adding a security feature on top of the password. Websites such as Twitter and Instagram use 2FA to prevent hacking.
Finally, you must watch out for incoming spam emails, unsolicited texts, and phishing messages. The best way to avoid them is to not click on any suspicious emails or texts from someone you don't know.
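The check described above can also be run offline against a wordlist an organization already holds for password auditing, so the password never leaves the machine. The following is an added example, not code from the article or from Cybernews; the function names and sample data are hypothetical, and it assumes a newline-delimited list with the composition the forum post reported (6-20 characters, ASCII only, no whitespace).

```python
import io

# Composition the forum post reported for the list (see the article above).
MIN_LEN, MAX_LEN = 6, 20

def could_be_in_list(password: str) -> bool:
    """True if the password fits the list's reported shape:
    6-20 characters, ASCII only, no whitespace."""
    return (MIN_LEN <= len(password) <= MAX_LEN
            and password.isascii()
            and not any(ch.isspace() for ch in password))

def exposed_labels(candidates: dict, wordlist) -> set:
    """Stream a newline-delimited wordlist (binary file object) once and
    return the labels of candidate passwords that appear in it.
    Labels are returned, not the passwords, so results are safe to log."""
    wanted = {}
    for label, password in candidates.items():
        if could_be_in_list(password):          # others cannot match
            wanted.setdefault(password.encode("ascii"), set()).add(label)
    hits = set()
    for raw in wordlist:                        # one line at a time, constant memory
        entry = raw.rstrip(b"\r\n")
        if entry in wanted:
            hits |= wanted.pop(entry)
            if not wanted:                      # everything found, stop early
                break
    return hits

# Constructed sample data; a real run would pass open(path, "rb") instead.
SAMPLE_WORDLIST = b"123456\nsunshine1\r\nqwerty2021\nletmein!\n"
SAMPLE_CANDIDATES = {
    "email": "sunshine1",          # present in the sample list
    "bank": "Tr0ub4dor&3-horse",   # absent
    "forum": "abc",                # too short to be in such a list
    "wiki": "pässword1",           # non-ASCII, cannot match
}

if __name__ == "__main__":
    found = exposed_labels(SAMPLE_CANDIDATES, io.BytesIO(SAMPLE_WORDLIST))
    print("change the passwords for:", sorted(found))
```

A password that fails the pre-filter is only outside this particular list's reported format; it can still appear in other breach compilations.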