10 Million Real Passwords And Usernames Dropped On The Internet
As a Safer Internet Day gift, a security researcher named Mark Burnett uploaded a torrent file containing 10 million real passwords and usernames gathered from all over the Internet. The released data is pretty old so it's highly probable that most of the accounts are dead or the passwords have been changed. According to Mr. Burnett, the information in the file is compiled from user names and passwords that were already posted on websites that anyone could access (in plain text, unencrypted and "findable" through search engines).
What drove the researcher to release such a huge amount of information? Mr. Burnett said that password security is a very foggy area as no one can figure out why people choose the passwords that they choose. This means that it's almost impossible to tell if a password is actually secure or not. So maybe studying a big bulk of data could help others understand what kind of passwords would come close to being unique and which should be avoided.
Mark Burnett has been sitting on this data for quite a while, pondering if he should release it to the general public or not. The problem wasn't the fact that he wanted all the passwords for himself, but that publishing them might be construed as illegal by some. The law regarding this kind of actions is pretty obscure and others have been jailed for similar things, even though they didn't have any malicious intentions. If you want to check the torrent file for yourself and see if your password is among the released data, you can download it from Mark Burnett's blog post.
