Hackers expose 8.4 billion passwords online — your security is at risk [Update]

Update on Thursday, June 10: Password protection experts at cybersecurity company Specops Software reached out to Laptop Mag with further details about the "RockYou2021" breached password leak. According to Specops' research, the compilation of passwords leaked on the hacker forum is confirmed to be a combination of various words and phrases found on Wikipedia and other previously known leaked lists. This suggests the 100GB TXT file does not contain previously unknown breached passwords. Specops notes hackers could use any of the 8.4 billion words and phrases in a brute-force attack, but this should not pose a greater risk than before the leak. What follows is the original story.

A massive collection of passwords has leaked online after a user posted 8.4 billion password entries onto a popular hacker forum. Exposed credentials could include private login information for Gmail, Facebook, Apple, PayPal, and more.

The forum user posted a 100GB TXT file and has dubbed the leak "RockYou2021," which is a reference to the RockYou data breach in 2009 that exposed 32 million user passwords in a similar manner. The passwords are all up to 20 characters long, and can easily be searched within the file. 

Spotted by cybersecurity news website CyberNews (via BGR), the report claims this is the largest collection of leaked passwords of all time. Initially, the leaker stated on the forum that there were 82 billion passwords, but researchers have found there are only 8,459,060,239 unique entries.

The report does not state how the hacker obtained these passwords, or whether all of these password entries are real. However, with the number of leaked password entries in the billions, there is a good chance many online users' login credentials are on the hacker forum.

Unfortunately, many users potentially use the same password for many different platforms, meaning everything from social media profiles to cryptocurrency accounts is at risk.

Check if your password is leaked 

RockYou2021 potentially exposed billions of online users' credentials, so it's best to check if your personal data and password are part of the leak. If so, you'll want to change your credentials.

To see if your password has been exposed in the leak, you can use the reliable website Have I Been Pwned? to check whether your email or phone is part of a data breach. CyberNews also set up a personal data leak checker and a leaked password checker.

The cybersecurity site states it is still uploading password entries from RockYou2021 to its database. If your password does not show up in the checker, be sure to check again later, as the password may not have been uploaded yet.
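
The following is an added example, not code from this article or from any of the services named. It shows how a password can be checked against a breach corpus without sending the password itself: only the first five hex characters of its SHA-1 hash leave the machine, which is the range format used by Have I Been Pwned's Pwned Passwords service. The responder function, its password list and its counts are constructed so the code runs offline.

```python
import hashlib

def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest.
    Only the 5-character prefix is ever handed to the lookup service."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}.
    Malformed lines and padding entries (count 0) are ignored."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Number of times the password appears in the corpus, 0 if absent.
    fetch_range(prefix) must return the response body for that prefix."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

# Constructed sample data (not real breach counts).
CONSTRUCTED_LEAK = {"password": 3, "rockyou": 7}
SEEN_PREFIXES = []  # records what the "service" was actually sent

def constructed_fetch(prefix):
    """Offline stand-in for the HTTP range lookup (assumption: a real
    client would issue a GET for the prefix and read the text body)."""
    SEEN_PREFIXES.append(prefix)
    lines = ["0" * 35 + ":0", "not a valid line"]  # padding + junk
    for pw, n in CONSTRUCTED_LEAK.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{n}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("password", "a long unrelated passphrase 9471"):
        n = breach_count(candidate, constructed_fetch)
        print(candidate, "-> seen", n, "times" if n else "times (not found)")
```

Because the lookup only receives a five-character hash prefix, the same pattern suits a password-change form that rejects known-breached passwords at the moment they are set.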

Having a password manager can help bolster your security. LastPass used to be the go-to for years thanks to its free-tier service, but there are now other contenders worth checking out.

It is also recommended that users enable two-factor authentication. Just be sure not to use your phone number as the second factor, as that will lead to even more low-level hacks.