Klaus Zimmermann's Corner

On the origin of the infamous 'rockyou.txt' wordlist...

Holy crap, it never occurred to me that this was the actual origin of the infamous rockyou.txt wordlist used in many a password-cracking application:

Back in 2009, a company named RockYou was hacked. This wouldn't have been too much of a problem if they hadn't stored all of their passwords unencrypted, in plain text for an attacker to see. They downloaded a list of all the passwords and made it publicly available.


The Wikipedia entry for a web company called 'RockYou' also seems to sort of confirm this. And so it began... probably later aided by countless database breaches from reckless companies to form the 14-million+ gargantua we have today.

Lessons learned? A teeny-tiny password can go a long way to become a huge liability itself. If not for your website, for everyone else's!