RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

A hacker forum has leaked what appears to be the largest ever password collection. One forum member posted a huge 100GB TXT file containing 8.4 billion password entries. It is presumably a combination of previous data breaches and leaks.

The post author claims that all passwords in the leak contain 6-20 characters, and have non-ASCII characters. White spaces are also removed. Another user claims that the compilation contains 82 million passwords. After running our tests, however, we found that the number actually was almost ten times smaller at 8,459 60,239 unique entries.

Forum users have given the compilation the name “RockYou2021 ” in reference to the RockYou data breach in 2009 and the rockyou2021.txt files containing all passwords. In that case, threat actors gained access to more than 32,000,000 user passwords stored in plain text and hacked into the website’s servers.

One example of leaked passwords in the RockYou2021 compilation


This leak surpasses the 12-year-old collection by more than 262x. It is comparable to the Compilation Of Many Breaches (COMB), which is the largest ever data breach compilation. The RockYou2021 compilation, which has been assembled over many years, includes passwords from numerous other leaked databases as well as passwords from the 3.2 billion passwords that were leaked.

Given that approximately 4.7 billion people use the internet, the RockYou2021 compilation could potentially include the passwords for almost twice as many people. Users are advised to check immediately if their passwords have been leaked.

 How can I find out if my password was leaked?

Updated 10/06: Nearly 7.9 billion of the 8.4 billion password entries in RockYou2021 have been uploaded to our leak databases. You can safely check if your password is a part of this massive leak by using the CyberNews personal information leak checker.

Please note: We are very concerned about the privacy of our readers. We use this hash to search our database. This is done to protect your privacy. When you run a leak check, we do not log any of your passwords or emails.

Potential impact

Threat actors can combine 8.4 billion password variants with other breach compilations, which include usernames and emails addresses, to use the RockYou2021 collection for password dictionary and password spraying attacks on untold numbers of online accounts.

 Most people use their passwords on multiple sites and apps. This means that the number of accounts susceptible to password spraying or credential stuffing attacks can easily reach millions, if not billions.

What should you do if your password is leaked?

We recommend the following steps to protect your data and prevent potential harm from threats actors if you suspect that one of your passwords has been stolen by RockYou2021.txt:

  • To check if your data was leaked, use our personal information leaker or leaked password tester to find out.

  • You should change your passwords to all online accounts if your data has been compromised.

  • Two-factor authentication (2FA), is enabled for all your online accounts.

  • Be on the lookout for unsolicited messages, spam email, and phishing emails. Do not click on any suspicious emails or texts, even if they come from unknown senders.

  • For online security and privacy, you might consider using a good VPN Service along with a Password Manager. Protect your iPhone with the best VPNs. Or, you can choose one of the top VPNs for Mac. A VPN is a cross-device protection tool that can be used on multiple devices.


Similar Articles



Please enter your comment!
Please enter your name here



Most Popular