What Is “RockYou2021” and Should You Be Worried?

You may have seen something in the news recently about “RockYou2021” and wondered, “What is that?” Simply put, RockYou2021 is a 100GB TXT file of 82 billion passwords that was recently posted to a popular hacking forum. Cyber News broke the story, and by their count, the number of unique entries in the compilation is 8,459,060,239. While 8 billion doesn’t seem as bad as 80 billion, it is still bad news.

Why is this bad news? Cyber criminals can use this database to conduct password-spraying or brute force attacks. In these attacks, malicious actors try a list of common passwords on many online accounts to gain access and compromise the user. And because people tend to reuse passwords across their accounts, once a hacker gains access to one of your accounts, there is a real possibility that the hacker will get into your other accounts as well.
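Seen from the defender's side, these attacks leave a recognizable pattern in login records. The following is an added example, not part of the original article: it flags a source that fails against many different accounts (password spraying) or fails repeatedly against one account (brute force). The log format, thresholds and function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2021-06-10T09:00:01 203.0.113.7 alice FAIL
2021-06-10T09:00:03 203.0.113.7 bob FAIL
2021-06-10T09:00:05 203.0.113.7 carol FAIL
2021-06-10T09:00:07 203.0.113.7 dave FAIL
2021-06-10T09:00:09 203.0.113.7 erin OK
2021-06-10T09:01:00 198.51.100.4 alice FAIL
2021-06-10T09:01:02 198.51.100.4 alice FAIL
2021-06-10T09:01:04 198.51.100.4 alice FAIL
2021-06-10T09:01:06 198.51.100.4 alice FAIL
2021-06-10T09:01:08 198.51.100.4 alice FAIL
2021-06-10T09:02:00 192.0.2.15 frank FAIL
2021-06-10T09:02:30 192.0.2.15 frank OK
"""

def parse(log_text):
    """Turn each well-formed line into (time, source, account, outcome)."""
    rows = (line.split() for line in log_text.splitlines())
    return [(datetime.fromisoformat(r[0]), r[1], r[2], r[3]) for r in rows if len(r) == 4]

def classify_sources(events, window=timedelta(minutes=10), spray_accounts=4, brute_failures=5):
    """Label sources by their failed-login pattern inside a sliding time window."""
    failures = defaultdict(list)
    for ts, src, user, outcome in sorted(events):
        if outcome == "FAIL":
            failures[src].append((ts, user))
    findings = {}
    for src, fails in failures.items():
        start = 0
        for end, (ts, _) in enumerate(fails):
            while ts - fails[start][0] > window:  # drop failures older than the window
                start += 1
            per_user = Counter(u for _, u in fails[start:end + 1])
            if len(per_user) >= spray_accounts:  # many accounts, few guesses each
                findings[src] = "password-spraying"
                break
            if max(per_user.values()) >= brute_failures:  # many guesses, one account
                findings[src] = "brute-force"
                break
    return findings

def successes_from_flagged(events, findings):
    """Accounts a flagged source managed to log in to: reset these first."""
    return sorted({(s, u) for _, s, u, o in events if o == "OK" and s in findings})
```

A single mistyped password followed by a successful login, like the third source in the sample, stays below both thresholds and is not flagged.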

It is said that there are 4.7 billion people in the world online. So, with a list of over 8 billion passwords, there is a good chance that one of your passwords is on the list. Steps you should take to protect yourself include:

  • Change all your account passwords, and make sure each account has a unique password. If you have a hard time remembering passwords, there are several reliable password managers available.
  • Use multifactor authentication wherever possible.

If you own a business, it would be wise to ensure all your staff change the passwords on their work accounts, and to implement multifactor authentication across all your logins. In many cases, a big breach (SolarWinds, Oldsmar) has been the result of a stolen or easy-to-guess password. You want to make it as difficult as possible for cyber criminals to get in. If you need help setting up password policies or finding the right multifactor authentication application for your business, contact Uzado to help.