The ‘RockYou2021’ password leak has exposed 8.4 billion private login entries. A forum user had posted a massive 100GB TXT file dubbed ‘RockYou2021’ that contains 8.4 billion entries of passwords, which most probably been combined from previous data leaks and breaches.

Rockyou2021 Password Leak

All passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords.


The exposed credentials could include private login information for Gmail, Facebook, Apple, Paypal, and more.

After running the tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries:

The leak was dubbed as “RockYou2021”, which is a reference to the RockYou data breach in 2009 that similarly exposed 32 million user passwords. The passwords are all up to 20 characters long, and can easily be searched within the file.

Example of leaked passwords included in the RockYou2021 Compilation

This new password leak is compared in scale to the “Compilation of Many Breaches,” or COMB leaked more than 3.2 billion email-and-password pairings, along with passwords from multiple other leaked databases.

RockYou2021 compilation includes the passwords of the complete global online population almost two times over. As a result, users are suggested to immediately check if their passwords were included in the leak.

Users can check with the CyberNews personal data leak checker or CyberNews leaked password checker, where password entries from the RockYou2021 compilation are being uploaded.

Possible Impact

Threat actors can use the RockYou2021 collection to build up password dictionary and password spraying attacks against countless numbers of online accounts.

Secondly, as most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions, says the report.

How to Avoid Potential Harm from Threat Actors?

  • Use a personal data leak checker and leaked password checker to see if your data has been leaked.
  • If your data has been compromised, make sure to change your passwords across your online accounts.
  • Enable two-factor authentication (2FA) on all of your online accounts.

Be careful with incoming spam emails, unsolicited texts, and phishing messages. Don’t click on anything that seems suspicious, including emails and texts from senders you don’t recognize.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.