Mark Burnett motivated his disclosure of the passwords and usernames in a blog dubbed “Today I am releasing ten million passwords”. The researcher noted that accurately selected data offers incredible insight into client conduct and is important for assisting password security.
Burnett further guaranteed that leaked passwords are “dead ones” and included they can’t be used as authentication options because that dumped passwords won’t prompt account access.
Detailing his motivation to discharge the vast number of log in data to the general public, Burnett composed:
“Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain.”
The researcher further went on explaining why the released data is only intended for research and not to mischief anybody. Burnett believes it is absurd he has to justify his actions in a whole blog entry for fear of legal prosecution being directed towards him. He likewise noted that he intends to write a next article about the data he released specifically. However, he was compelled by the current circumstances to take measures to avoid any legal action against him.
Also, BGR reported that an internet page made based on the information discharged by Burnett is live and allows anybody to verify whether their records have been hacked. The site, called Rehmann, looks for the usernames and passwords relying on partial inquiry terms. Users can access the site to see if their passwords are part of the rundown.
In his last note Burnett mentions that the public rundown incorporates simply sampling and can’t promise users that if the secret key is not in post it has not been compromised. He ended his blog entry warning users that the absence of their data from the list does not imply anything as there are thousands of dumps consisting of close to a billion passwords.
Image Source: Thai Tech