They named it rockyou.txt .
And fifteen years later, Daniel Cross had used the same password to protect his retirement account at the credit union. rockyou.txt
She didn’t need to look inside. She already knew. Every cybersecurity professional did. It was the ghost of Christmas past, a breach from 2009 of a social media app for making digital “slideshows.” The attackers had posted the passwords in plaintext. For fifteen years, that file had been the first tool in every brute-force hacker’s kit. They named it rockyou
The breach was particularly devastating because the company had been storing over (unencrypted). A hacker downloaded the database and eventually released a list of over 14.3 million unique passwords . Why It Became the Gold Standard rockyou.txt