BACKGROUND:
It has been reported that the world’s largest password collection was posted on a prominent hacker forum. A member submitted a 100 GB text file containing 8.4 billion passwords, most likely compiled from previous data breaches and security breaches, according to CyberNews. The creator of the post claims that all passwords are between 6 and 20 characters long, with all non-ASCII characters and white spaces removed. While the author claims that the text file he provided contains 82 billion passwords, tests by CyberNews show that the actual number of passwords is almost ten times smaller, at 8,459,060,239 unique entries.
While this breach is being called the biggest password breach ever released, some important facts are being glossed over, specifically the fact that RockYou2021 is simply a list of passwords. No other personally identifiable information has been associated with the dump, rendering it completely useless to cybercriminals.

However, to avoid passwords being leaked, websites should never store users’ passwords in plaintext on their servers, but rather as a hash. This converts a password into a sequence of unintelligible characters; therefore, if the website is ever breached, attackers would be left with a meaningless hash code, making it almost impossible to determine a user’s password.