The RockYou2021 Password Leak Adds New Fuel for Cybercrime
Vast stores of passwords have accumulated on the dark web, providing ample ammunition for cyberattacks. Cybercriminals can easily buy and sell a valuable commodity like passwords in dark web data markets or harvest huge nodes of passwords for free from dark web data dumps. An estimated 60% of the data that was already on the dark web at the start of 2020 could harm businesses and approximately 22 billion new records landed in dark web data markets and dumps in 2020, providing further fuel for cybercrime. Now that stock of stolen credentials has received a big boost from what experts are calling the largest credential file to ever hit the dark web at once in the RockYou2021 password leak.
See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>
The RockYou2021 Password Leak Rocked the Dark Web
A 100GB text file dubbed RockYou2021 was leaked by an anonymous user on a popular hacker forum. This new cache of data is estimated to contain 8.4 billion passwords. The most likely source for this collection of credentials is past cybercrimes. Passwords are always on the top of the cybercriminal’s shopping list and they’re snatched whenever possible in a data breach or ransomware attack. Credentials were the top type of information stolen in data breaches worldwide in 2020 accounting for about 60% of North American breaches, 90% of APAC region breaches and 70% of EMEA breaches.
The new RockYou2021 password leak is a wide-ranging collection, comprised of both new, previously unavailable passwords and passwords that may have appeared on the dark web as the spoils of past breaches. It also boasts a large variety of passwords from myriad sources that range from 6 to 20 characters with non-ASCII characters and white spaces removed. In many circles, experts are saying that this new password leak is comparable in scale to the famed “Compilation of Many Breaches,” or COMB, a 3.2 billion collection of email-and-password pairs that hit the dark web earlier in 2021. A portion of the passwords in the RockYou2021 dump were also included in the COMB dump, data that was collected by cybercriminals in previous breaches at well-known companies like LinkedIn and Netflix
Researchers estimate that the RockYou2021 compilation includes the passwords of the complete global online population almost two times over. Password dumps like this one are extremely dangerous for every business. In the 2021 Data Breach Investigations Report, Verizon researchers noted that approximately 60% of data breaches involve improper use of credentials. Obtaining passwords, whether it’s from phishing or a dark web password dump, gives cybercriminals an express route to the heart of businesses. Just one privileged password can not only give bad actors access to their victim’s systems and data, but also to easy routes that allow them to prey on their victim’s clients and associates.
Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>
Cybercriminals Can Weaponize Passwords in Many Ways
The RockYou2021 password dump can endanger business security in many ways, A hefty collection of credentials can be used to power a variety of nasty cyberattacks including
- password spraying
- credential stuffing
- business email compromise
- phishing and spear phishing
- brute force hacking
- other password-based attacks
Another major risk for companies from a dump like this is the danger that comes from employees reusing and recycling their favorite passwords, especially in the era of remote work. In a 2020 survey, although 91% of employee said they understood the risk of password reuse, 59% admitted to doing it anyway. These things happen at companies of every size in every industry. Not only do 48% of workers use the same passwords in both their personal and work accounts, but the average person also recycles a favorite password 14 times!
It also doesn’t matter if an employee is in the mailroom or the boardroom. Bad password habits plague companies at every level, causing unnecessary danger that can lead to cybersecurity disasters. Credentials for higher-level users like administrators and executive accounts are especially prized for their elevated user privileges in company systems as well as their credibility when conducting business email compromise schemes. In a study of Fortune 100 companies, researchers determined that a whopping 76% of employees and executives at the world’s largest companies are reusing passwords across personal and professional accounts.
Give your clients the cold, hard facts that tell the tale of exactly how much danger their business is in. GET THIS FREE BOOK>>
Cybersecurity professionals know that password shenanigans are endemic and present huge risks for the companies that they’re trying to secure. Those complications became much worse in 2020 as security teams scrambled to secure a suddenly remote workforce. An estimated 60% of respondents in a recent IT professional survey indicated their organization had experienced a password recycling/reuse/iteration-related security breach in 2020. That means that every business needs to take sensible precautions to reduce their risk of trouble – and we can help.
First and foremost, adding a secure identity and access management solution to control access to systems and data that’s also dynamic enough for a flexible workforce is a must. Passly is the perfect choice to provide strong protection against password-related cybercrime while making it easy for everyone to get the job done anytime, anywhere.
Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>
Get Big Security Value at a Small Price with Passly
Passly gives you the robust functionality of multiple solution in one affordable package including:
- Multifactor Authentication – Your secret weapon against credential compromise, MFA prevents 99% of password-related cybercrime without IT teams having to lift a finger.
- Single Sign-On – The unsung hero of security gives IT teams an edge when securing access points as well as a powerful tool against intrusion by allowing them to isolate compromised user accounts fast.
- Automated Password Resets – Why waste time on a sea of password reset requests? Everyone benefits by eliminating that chore with automated password resetting that’s always on the job.
- Fast, Seamless Integration and Management – Get everything protected immediately with deployment in days, not weeks, and seamless integration with over 1,000 apps that can be easily managed remotely.
It pays to put strong protections in place immediately before an expensive cybercrime disaster comes knocking on your door like it did for 80% of other businesses in 2020. Contact our solutions experts today for a customized demo of our digital risk protection platform and a free assessment of your risk.
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!