The Coffee House
Largest password data breach in history - Printable Version

+- The Coffee House (https://tch-forum.com)
+-- Forum: Topical discussions (https://tch-forum.com/forumdisplay.php?fid=19)
+--- Forum: Tech and Engineering (https://tch-forum.com/forumdisplay.php?fid=27)
+--- Thread: Largest password data breach in history (/showthread.php?tid=9978)



Largest password data breach in history - Kyng - 06-10-2021

https://techxplore.com/news/2021-06-largest-password-breach-history-leaked.html

Back in 2009, threat actors hacked into the website servers of social app RockYou, accessing over 32 million user passwords stored in plaintext. Now, in what appears to be the largest data breach in history, attackers have compromised 262 times as many passwords. With 3.2 billion leaked passwords from multiple databases, this attack has been dubbed RockYou2021.

As only 4.7 billion users utilize the Internet, that means RockYou2021 could actually involve the passwords of nearly twice the global population. Therefore, users should immediately check to see whether their passwords were affected by this leak. Users can check for password compromise using the website Have I Been Pwned or the CyberNews personal data leak checker.

Threat actors can take advantage of the RockYou2021 password collection by combining 8.4 billion unique password variations with existing breach compilations of email addresses and usernames. The hackers could then use these credentials for dictionary and password spraying attacks against an unknowable number of online accounts.



Wow, that's really not good -_- . The article suggests using "Have I Been Pwned?" to check whether any of your passwords have been compromised here, so I did that with both of my email addresses. Fortunately, my newer email address had nothing reported, while my older one only had 'pwnages' from years ago that I already knew about.

I'll probably check again in a few days' time (just in case the site hasn't fully updated yet) - and I do hope there aren't any more breaches reported then...


RE: Largest password data breach in history - SpookyZalost - 06-10-2021

I ended up being notified a few weeks ago, so I had to change a bunch of passwords.  Part of me wants to go on the offensive against the people who did this, but this seems like a big organization and would take a lot of resources.

edit: Looking into this further.

This isn't a list of new passwords...

This is a comb or compiled word list, made up of dozens of other word lists...

Yeah it means we're going to get an upswing in dictionary attacks but it's information that was already out there.

Also it was shared through reddit of all places!


RE: Largest password data breach in history - Kyng - 06-10-2021

Okay, so if the information came out a few weeks ago, then that makes me hopeful that it's already on Have I Been Pwned and the like :P . In that case, I suppose that means I have nothing to worry about, that I wasn't already aware of anyway (but perhaps I should make an effort to update some of my older passwords!)


RE: Largest password data breach in history - Emerald - 06-12-2021

Everything was okay with mine. Dreadful when this happens.