
Why This Security Researcher Just Posted Millions of Passwords


A security consultant just published 10 million password and username combinations, and one of them might be yours.

The security researcher, Mark Burnett, isn’t an ill-intentioned hacker. Rather, he’s published millions of online credentials in the hopes of better researching password security. Posting the information could allow other security researchers to gain a better understanding of how we choose passwords and usernames, and ultimately make us safer.

Burnett picked up the passwords from a random sampling of dumps already dotted around the Internet, so he’s not hacking accounts and stealing credentials. Instead, these passwords are already out there. Plus, many of them are already obsolete, Burnett says.

Still, some might argue Burnett is breaking the law by publishing the credentials, and he risks running afoul of law enforcement for doing so.

Here’s Burnett on his blog (hat-tip to Gizmodo):

Although researchers typically only release passwords, I am releasing usernames with the passwords. Analysis of usernames with passwords is an area that has been greatly neglected and can provide as much insight as studying passwords alone… In the case of me releasing usernames and passwords, the intent here is certainly not to defraud, facilitate unauthorized access to a computer system, steal the identity of others, to aid any crime or to harm any individual or entity. The sole intent is to further research with the goal of making authentication more secure and therefore protect from fraud and unauthorized access.
