Sunday, February 15, 2015

Security Researcher Discloses 10 Million Passwords, Usernames In Public Domain

A security researcher has disclosed a random set of 10 million passwords along with their usernames. The researcher has claimed that the dumped passwords were sourced from websites like haveibeenpwned and pwnedlist, which users rely on to check whether their accounts have been compromised.




Earlier, in a blog post, the researcher Mark Burnett wrote, "Today I am releasing ten million passwords," gave his reasons for publishing the article, and explained that "a carefully-selected set of data provides great insight into user behaviour and is valuable for furthering password security." Burnett has also ensured that all the passwords are “dead” now and added that they "cannot be defined as authentication features because dead passwords will not allow you to authenticate."

Burnett has also explained why he released the passwords and usernames in the public domain: "Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into user behaviour and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain."

Burnett had to clarify why he posted the leaked passwords in the public domain, to make clear that the release is purely for research purposes and not to attack anyone. His blog further reads, "I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment. I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me."

BGR has also reported that a site based on this data has been created and is now live. On this site, anyone can check whether their accounts have been compromised. The website lets you search the usernames and passwords to make sure that your username and password are not on the list.
