This might be the mother of all password leaks, with billions of credentials exposed

Shortly before Apple CEO Tim Cook took the virtual stage at the iPhone maker’s Apple Park headquarters campus for WWDC 2021 on Monday — at which the company unveiled a ton of new software updates, including some major new privacy enhancements — an email landed in my inbox underscoring how critical those privacy features are going to be once they roll out with iOS 15. Basically, there’s been another huge data leak, this time exposing several billion passwords in what just might be the biggest dump of passwords online ever.

This news comes via the team at CyberNews, which reports that a 100GB text file containing a staggering 8.4 billion password entries was just leaked on a popular hacker forum. This data set presumably combines passwords stolen via previous data breaches and leaks, and it’s been dubbed the “RockYou2020” password leak on that hacker forum. That name was apparently chosen, per CyberNews, as a nod to the RockYou data breach from back in 2009, “when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text.”

If you’re reading these words, suffice it to say you probably need to change your passwords. Today, even. That’s because this new password leak is comparable in scale to the so-called “Compilation of Many Breaches,” or COMB, that we wrote about earlier this year. That previous compilation was essentially a giant database of more than 3.2 billion email-and-password pairings based on existing data that had been stolen as part of previous breaches and leaks from companies like Netflix and LinkedIn.

This new leaked password dataset, of course, is more than double that previous collection. And when you stop and consider that there are more than 7 billion people in the world, this means that there’s a strong likelihood that one of your myriad passwords is very likely caught up in this leak. CyberNews is recommending that anyone who wants to check and see if their passwords are included in this dataset should visit the CyberNews personal data leak checker or the leaked password checker, where password entries from the RockYou2021 compilation are being uploaded.

“By combining 8.4 billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts,” CyberNews notes. “Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions.”

Source:-bgr

Leave a Reply

Your email address will not be published. Required fields are marked *