Security Researcher Publishes 10 Million Passwords Alongside Usernames

Advertisement
By NDTV Correspondent | Updated: 13 February 2015 16:51 IST
A security researcher has revealed a random sampling of dumps consisting of 10 million passwords alongside usernames. Notably, the researcher claims that the dumped passwords were sourced from websites like haveibeenpwned and pwnedlist where users can check and be notified if their own accounts have been compromised.

Mark Burnett earlier this week in a blog titled "Today I am releasing ten million passwords" gave reasons why he published the article and also explained that "a carefully-selected set of data provides great insight into user behaviour and is valuable for furthering password security."

(Also see: 4 simple tips to keep your online accounts secure)

Advertisement

Burnett further claimed that posted passwords are "dead passwords" and added they "cannot be defined as authentication features because dead passwords will not allow you to authenticate."

Explaining his reasons to release the large number of passwords and usernames to the public domain, Burnett wrote, "Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into user behaviour and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain."

Advertisement

Burnett in his detailed blog had to give several reasons to suggest that leaked passwords posted are just for research purpose and is not intended to harm anyone. He adds, "I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment. I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me."

Additionally, BGR points out that a site created based on the data released by Burnett is live and allow anyone to check whether their accounts have been compromised. The website, named Rehmann, searches the usernames and passwords based on partial search terms. Users can visit to site to ensure their passwords are not part of the list.

Advertisement

Burnett in his final note adds that the shared list includes just a sampling and cannot guarantee anyone that if the password is not in the shared list - is safe. "Be aware that if your password is not on this list that means nothing. This is a random sampling of thousands of dumps consisting of upwards to a billion passwords," he notes.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Internet, Passwords
Advertisement

Related Stories

Popular Mobile Brands
  1. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  2. How to Watch the FIFA World Cup 2026 Final Live Stream in India
  3. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  4. Chromebook or Windows Laptop: Which Is Right for You?
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.