Researcher releases 10M user/pass combos

[Permalink]

1 Like

The majority of this article is about the legal issues surrounding having this kind of data and how the dataset was carefully checked and designed to be dead data and useful for research purposes only. The author takes extra pains to explain this because he’s concerned that people will think the data could be misused or might affect them negatively and people are being prosecuted based on these misunderstandings.

So it’s pretty frustrating to see “Are you affected?” connected to this article on the homepage. You’re not affected, it’s supposed to be a clean dataset. If you were affected by these passwords leaking you should have been notified years ago when they originally leaked, so this isn’t what’s leaking your information. And it’s this kind of second-hand labeling that the original article is specifically trying to avoid to begin with.

7 Likes

“You’ll be shocked when you find out whether you’re affected.”

Edit: Huh, BB editor calling out click-baiting on BB? Or is someone else using the name?

2 Likes

Because it’s not like previous attempts to exploit/de-anonymize “dead data” have ever been successful…

Which is not to say that I think releasing this data should be a crime or that releasing it is Not A Good Idea™ – after all, as he points out, all of this data is already available publicly thanks to the original hackers – but rather I taken with a ginormous grain of salt the claim that this particular dataset has been purged of anything that could negatively impact the individuals whose passwords/usernames are contained therein.

1 Like

Doesn’t matter if this so-called researcher claims the passwords are dead. Would you want your child exposed to outrageous filth? I didn’t think so - prosecute!

EDIT: Nine eleven too.

4 Likes

There is clearly a link between the increase of “internet passwords” and the increase of autism in our poor defenseless children. Coincidence, I think not!

3 Likes

$ cat 10-million-combos.txt | cut -f 2 | grep ‘^123456$’ | wc -l
55893

3 Likes

I know, right?!

2 Likes

Ya, can’t believe how careless people can be?
I sleep so much better after changing to 12345678 after reading this, Is your “secure” password 8 characters or less? You have less than 6 hours to change it or kiss your “security” goodbye, a few years ago.

1 Like

Yeah but

$ cat 10-million-combos.txt | cut -f 2 | grep ‘^password’ | wc -l
870

I would have guessed a lot more than 870 out of 10⁷

Edit: Actually it’s down to 720 after converting the EOL format and adding the $ to the query.

1 Like

How many of these were used in important contexts? Where money or serious information was in stake? I myself may be using such low-end passwords if it is about something like online newspaper registration or some other silliness.

4 Likes

This topic was automatically closed after 5 days. New replies are no longer allowed.