Great shocking news comes here from a security researcher, who reveals the fact that around 10 Millions passwords have been leaked along with its username. On intriguing more the researcher claimed that the dumped passwords are locked at the websites such as haveibeenpwned and pwnedlist where users can identify the password and notify if their username can be identified or not.
Mark Burnett, in the first half of the week wrote a blog titled “today I am releasing ten million passwords”. Further, giving example about the reasons about writing this article, he explained that it is a “carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security”.
Burnett also claimed that the posted password is now regarded as “dead passwords”. Moreover, they will not proceed to the authentication as these dead passwords will not lead you anywhere. When we asked about the fact that why did he release such a large number of passwords and usernames, to the public domain, he replied that
Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords, but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into the user’s behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain.
However, Burnett suggested that the Blog supports the several reasons for embarking on the huge password leaks are just posted for the research purpose and is not intended to disrepute anyone. Moreover, taking a firm stand on this issue, he says that he finds it absolutely absurd to discuss his defense and contribute an article providing the justification to his research task in order to protect him from the prosecution and legal harassment.
To add, he also stated that he wanted to hit on taking out data and explaining it, but he will bang on that a little later as he afraid of getting raided by FBI so he wants clear out the matter at first. At this note Burnett explains that the list is a part of sample that he has introduced and cannot guarantee anybody whose password has been leaked outside the shared list.
[ Source ][ Via ]