Despite the fact that we are increasingly careful with our passwords , there are companies that are not with our data. Because of this, hacks occur in which our credentials end up exposed. In the Have I Been Pwned database there are already almost 11.4 billion accounts , and now a database with almost the same number of entries has just been leaked in what is the largest leak in history .
This has been published by CyberNews, which has detected the publication of this database in a popular hacking forum. That database consists of a 100GB TXT file that contains 8.4 billion password entries , which are probably a combination of most of the databases available on the net from other hacks.
8.46 billion passwords in 100GB
All passwords in the leak are in plain text, and are between 6 and 20 characters long, where non-ASCII characters and spaces have been removed. The hacker who published the database claimed that in total there were 82,000 million records, but in reality they are slightly less than 8.46 billion.
The user has named the database as ” RockYou2021 “, probably referring to the RockYou leak in 2009, where hackers accessed the servers of the social network and obtained 32 million passwords.
The record for the largest leak so far was held by what was called Compilation of Many Breaches (COMB) , with 3.2 billion passwords. According to the researchers, that database is included in this leak.
Check if your password is in the leak
There are currently about 4.7 billion people connected to the Internet, so this database doubles that number. Therefore, the probability that one of our passwords is there is quite high. The danger with these databases is that they can be used as dictionaries to try to hack accounts or networks through massive checks.
If we have doubts about whether our password is leaked or not, Have I Been Pwned (HBIP) have recently launched a password checker , where we only have to enter it and see if it is present in any leak. CyberNews also has their password checker , where they are currently uploading the database. It is hoped that HBIP will also do the same in the next few hours.
These types of databases are usually sold on the Dark Web, and it is rare that they end up leaking to the general public in these hacking forums, in a format that is also accessible to all.
If our passwords are there, it is advisable to change them immediately and activate two-step verification so that no one can access our accounts. The random passwords generated by password managers such as Google or LastPass are ideal for this type of situation, where Google also offers the convenience of automatically checking the security of our passwords and if they are present in hacks like this.