Security researcher Mark Burnett has released 10,000,000 username/password combos he’s downloaded from well-publicized hacks, citing the prosecution of Barrett Brown and the looming Obama administration crackdown on security researchers as impetus to do this before it became legally impossible.
Burnett says that password releases are common in security research, but user/pass combos are an under-researched and important field that is under direct threat due to the activities of zealous, technologically ignorant prosecutors and lawmakers.
Including usernames alongside passwords could help advance what’s known about passwords in important ways. Researchers, for instance, could use the data to determine how often users include all or part of their usernames in their passwords. Besides citing the benefit to researchers, Burnett also defended the move by noting that most of the leaked passwords were “dead,” meaning they had been changed already, and that all of the data was already available online.
Fearing an FBI raid, researcher publishes 10 million passwords/usernames [Dan Goodin/Ars Technica]