A security researcher has publicly released a set of 10 million usernames and passwords, which he collected from multiple data breaches over the last decade for the purpose of his research.
These 10 million usernames and passwords are a collection drawn from leaked database dumps that were already publicly available on the Internet. However, Mark Burnett, a well-known security consultant who has developed a specialty in collecting and researching passwords leaked online, called his decision to publish the password dump legally risky, but necessary to help security researchers.
The reason behind the password dump.
The researcher says the released set of usernames and passwords serves as sample data, which is important for other researchers to analyze, provides great insight into user behavior and is valuable for encouraging.
Also, the researcher frequently received requests from students and other security researchers for a copy of his password research data for their own analysis.
The fear behind it.
At the time, he typically declined to share the passwords because he was worried that doing so might harm him legally, given the recent five-year sentence handed to former Anonymous activist and journalist Barrett Brown for sharing the hyperlink to an IRC (Internet Relay Chat) channel where Anonymous members were distributing stolen information from the hack.
However, at the same time, Burnett wanted to share his password research data with the world in order to study the way people choose pass phrases.
The source of the credentials.
Burnett collected the data from major data breaches at big companies, including the Adobe data breach and the Stratfor hack, all of which were already publicly available on the Internet and could be easily found through Web searches.
According to the researcher, most of the leaked passwords were “dead,” meaning they had been changed already, and he has scrubbed other information such as domain names to make it unusable for cyber criminals and malicious hackers. However, usernames or passwords found on the list that are still in use should be changed immediately.
The almost 10 million passwords released by the researcher could, for instance, help other researchers determine how often users include all or part of their usernames in their passwords. Ten million is a very big number, but Burnett defended the release on the grounds that all of the leaked data was already available online.
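The username-in-password measurement mentioned above could look like the following. This is an added example, not Burnett's code: the sample pairs are constructed, and the 4-character threshold for a "partial" match and all function names are assumptions.

```python
from collections import Counter

# Constructed sample pairs for illustration; not taken from any real dump.
SAMPLE = [
    ("jsmith", "jsmith"),
    ("jsmith", "JSmith2015"),
    ("maria.lopez", "lopez!77"),
    ("kchen", "correcthorse"),
    ("bob", "bob"),
    ("dwright", "Wr1ght#9"),
    ("anna", "tr0ub4dor"),
]

MIN_PARTIAL = 4  # assumed threshold: shortest shared run counted as "partial"


def longest_common_substring(a: str, b: str) -> int:
    """Length of the longest contiguous run of characters shared by a and b."""
    best = 0
    prev = [0] * (len(b) + 1)
    for ch_a in a:
        cur = [0] * (len(b) + 1)
        for j, ch_b in enumerate(b, start=1):
            if ch_a == ch_b:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def classify(username: str, password: str) -> str:
    """Return 'full', 'partial' or 'none' for one credential pair."""
    u, p = username.casefold(), password.casefold()
    if not u or not p:
        return "none"
    if u in p:
        return "full"
    if longest_common_substring(u, p) >= MIN_PARTIAL:
        return "partial"
    return "none"


def overlap_counts(pairs) -> Counter:
    """Count how many pairs fall into each overlap class."""
    return Counter(classify(u, p) for u, p in pairs)


if __name__ == "__main__":
    counts = overlap_counts(SAMPLE)
    for label in ("full", "partial", "none"):
        print(f"{label:8s}{counts[label]:3d}  {counts[label] / len(SAMPLE):.0%}")
```

The `dwright` / `Wr1ght#9` pair is classed as "none" because the digit substitution breaks the shared run, so a plain substring comparison understates reuse; very short usernames have the opposite effect and can match by coincidence.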