An analysis of data collected by Rapid7’s RDP and SSH honeypots between September 10, 2021, and September 9, 2022, found tens of millions of connection attempts. The honeypots captured 215,894 unique IP source addresses and 512,002 unique passwords across RDP and SSH honeypots. Almost all the passwords (99.997%) can be found in rockyou2021.txt.

In 2009, Rockyou was hacked. The attackers found and stole 32 million cleartext user accounts. A subsequently exposed list of 14,341,564 passwords became the original rockyou.txt widely used in dictionary attacks and included with Kali Linux to aid penetration testing.