A new compilation of passwords collected from data breaches has been released and dubbed ‘RockYou2021’ after the 2009 password compilation dump ‘RockYou.’ The collection was released for download on a popular forum for hackers.
The new compilation contains 8.4 billion passwords (8,459,060,239 to be exact) and, when decompressed, occupies about 100GB of text data.
A bit of history
The now infamous ‘RockYou’ compilation originated from a social application site of the same name. The data breach resulted in over 32 million user accounts and passwords being stolen. It was also found that RockYou stored user account data in plain text, so no decryption or hash cracking was needed. Other hackers quickly began using the dumped password compilation as a dictionary file for cracking other password files.
The new compilation is several orders of magnitude larger than the original password dump. However, on closer inspection, it appears that the list is not what many believe it to be. Far from a compilation of actual passwords, RockYou2021 is more like a list of words scraped from websites such as Wikipedia. The list does contain passwords, but it is not purely a compilation of password dumps. Troy Hunt of Have I Been Pwned points this out in a tweet after reviewing the passwords contained in the dump: