The most extensive data breach collection to date, dubbed 'RockYou2021', was dumped on popular hacking forums earlier this month.
According to aReportOfCyberNews, a forum user posted a 100 GB text file with 8.4 billion password entries, likely obtained from data leaks and previous breaches.
Despite the author's assertions that the document contains
82 billion passwords, the researchers noted, that the "actual number turned out to be nearly ten times lower than 8,459,060,239 unique entries. "
In a description provided by the creator of the post, it was revealed that passwords are 6-20 characters long, with non-ASCII characters and white space removed.
"Its 3.2 billion disclosed passwords, as well as the passwords for several other disclosed databases, are included in the compilation.RockYou2021which has been amassed by the person behind this collection over several years, ”investigators said.CyberNewsin the report.
What are the risks ?
Cyber criminals can use the database to perform password spray or brute force attacks. In this form of attack, malicious actors try a list of common passwords on many online accounts to gain access and compromise the user.
Additionally, user exposure to account compromise is increased sevenfold due to bad cyber habits such as password reuse and recycling, which can lead to account taking over many applications. , websites and platforms.
What should users do?
The extent of this data breach leaves little room for debate as to whether any of your account passwords have been exposed. Therefore, users should consider resetting passwords whenever possible.
Remember to use a complex and difficult to guess password and enable two-factor authentication (2FA) on all compatible online accounts. If you're having trouble remembering or keeping track of your passwords, look for a trustworthy password manager.
The data breach pandemic is here to stay, affecting millions of internet users every year. The more you know and control, the easier it is to manage your data and online personality and reduce your risk.
Start by checking if your personal information has been stolen or made public on the Internet withATK's digital identity protection toolTechnologies, only with your addressEmail and phone number.