An analysis of data collected by Rapid7’s RDP and SSH honeypots between September 10, 2021, and September 9, 2022, found tens of millions of connection attempts.
Between RDP and SSH honeypots, the honeypots collected 512,002 distinct passwords and 215,894 distinct IP source addresses. Rockyou2021.txt contains almost all of the passwords (99.997%). Rockyou was breached in 2009. The attackers discovered 32 million cleartext user accounts and took them. A list of 14,341,564 passwords that was later made public became the original rockyou.txt, which was distributed with Kali Linux to help with penetration testing and is frequently used in dictionary attacks.
The original password list was expanded over the ensuing years, and as a result, the rockyou2021.txt collection now contains 8.4 billion passwords in a 92 GB text file.