SERV ZERO

RockYou 2009

RockYou was a company that developed widgets for MySpace and implemented applications for various social networks and Facebook. Since 2014, it has engaged primarily in the purchases of rights to classic video games; it incorporates in-game ads and re-distributes the games.

• https://en.wikipedia.org/wiki/RockYou

In December 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts. The company used an unencrypted database to store user account data, including plaintext passwords (as opposed to password hashes) for its service, as well as passwords to connected accounts at partner sites (including Facebook, Myspace, and webmail services). RockYou would also e-mail the password unencrypted to the user during account recovery. They also did not allow using special characters in the passwords. The hacker used a 10-year-old SQL vulnerability to gain access to the database. The company took days to notify users after the incident, and initially incorrectly reported that the breach only affected older applications when it actually affected all RockYou users.

The full list of passwords exposed as a result of the breach is available in Kali Linux, and has been since its launch in 2013. Due to its easy attainability and comprehensive length, it is commonly used in dictionary attacks.

• https://en.wikipedia.org/wiki/RockYou#Data_breach

• https://github.com/zacheller/rockyou

• https://www.kaggle.com/wjburns/common-password-list-rockyoutxt

RockYou 2021

• RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists.

• RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!

• https://github.com/ohmybahgosh/RockYou2021.txt

• https://cybernews.com/security/rockyou2021-alltime-largest-password-compilation-leaked/

---

Filed under: Tools,Uncategorized - @ February 5, 2022 4:29 am