Researcher publishes 10 million passwords, usernames

Zmeel Photography | E+ | Getty Images

Your password may be floating around on Twitter.

An IT security analyst named Mark Burnett published 10 million passwords with their corresponding usernames on his blog on Monday.

Why? Because he said he wanted “to get good, clean, and consistent data out in the world so others can find new ways to explore and gain knowledge from it.”

In other words, his aim was to advance what we already know about how people choose passwords.

While the blog post where the passwords were published appears to be down, a Twitter bot called @10millionpasswords has been created to tweet out all 10 million usernames and passwords.

Burnett said that none of the passwords he posted were new leaks and that all of them had already been released to the public.

“They all are or were at one time completely available to anyone in an uncracked format. I have not included passwords that required cracking, payment, exclusive forum access, or anything else not available to the general public. You should still be able to find a large number of these passwords via a Google search,” Burnett said in a follow-up blog post on Tuesday.

“The thing to remember here, though, is that I am not releasing this data, I have just aggregated and cleaned up already public data,” he said.

Burnett also said in his post that if a hacker needs this list to hack someone, they probably aren’t much of a threat.

While Burnett said he believes the release of the passwords is ethical, he said he has concerns the release might make him the target of an FBI raid, citing the case of a former Anonymous activist who was sentenced to five years in prison for posting hacked data on the Internet.

Barrett Brown, the former Anonymous activist, was sentenced this year partly because he posted hacked authentication data on the Internet. While some charges of trafficking in authentication features against Brown were dropped, Burnett said the charges overall still influenced his case.

“The arrest and aggressive prosecution of Barrett Brown had a marked chilling effect on both journalists and security researchers. Suddenly, even linking to data was an excuse to get raided by the FBI and potentially face serious charges. Even more concerning is that Brown linked to data that was already public and others had already linked to,” Burnett said.

“I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment. I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me,” he added.

The FBI did not respond to a request for comment.
