10 million stolen passwords leaked online


Earlier this week, Internet security researcher Mark Burnett posted the details 10 million stolen passwords and users in an article on his security blog.

However, rather than being for malicious reasons, the leaking of the passwords is all in the name of research and was posted in protest at US cybersecurity laws.

Giving his reasons for leaking the passwords, Burnett wrote: “Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain”.

“I clearly have no criminal intent here,” Burnett continued. “It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us.”

Burnett’s comments come in the wake of the case against Barrett Brown, a ‘hacktivist’ who was arrested for copying and pasting a link to leaked data and eventually sentenced to 63 months in jail.

In addition to explaining why he leaked the passwords, Burnett also uses a good part of his blog post to state why he shouldn’t be arrested for his actions, saying that most of the leaked usernames and passwords date back more than 10 years, were already in the public domain on numerous hacking sites and have probably already expired.

It remains to be seen what action, if any, will be taken against Burnett, who also states that his actions would be illegal under new cybersecurity laws recently proposed by President Barack Obama.

The full list of leaked passwords can be downloaded here.