Security researcher Mark Burnett released a torrent of 10 million passwords and usernames. He claims that the data is sourced from open websites from around the web. The passwords and usernames are older and most probably dead and, most importantly, Burnett sourced them from websites that were generally available to anyone and discoverable via search engines in a plain text format and therefore already widely available to those with an intent to defraud or gained unauthorized access to computer systems.
Burnett said “Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain.”
Since law is often opaque regarding technical issues and legislators are ignorant when it comes to the same, people like Burnett are actually afraid to publish their research. Burnett had a great deal of trouble deciding whether he wanted to release these passwords.
Why did he do it? Password behaviors are often non-transparent. No one knows why we choose certain passwords over others nor do they have any way of assessing the relative strength of passwords on the web. While corporations like to say their password databases are secure, how do we know? And how can they be secure when the most popular password is “password”?
You can download these passwords and figure out just where you’re going wrong!