Elizabeth Renstrom for TIME
February 10, 2015

A security consultant just published 10 million password and username combinations, and one of them might be yours.

The security researcher, Mark Burnett, isn’t an ill-intentioned hacker. Rather, he’s published millions of online credentials in the hopes of better researching password security. Posting the information could allow other security researchers to gain a better understanding of how we choose passwords and usernames, and ultimately make us safer.

Burnett picked up the passwords from a random sampling of dumps already dotted around the Internet, so he’s not hacking accounts and stealing credentials. Instead, these passwords are already out there. Plus, many of them are already obsolete, Burnett says.

Still, some might argue Burnett is breaking the law by publishing the credentials, and he runs the risk of running afoul of law enforcement for publishing credentials.

Here’s Burnett on his blog (hat-tip to Gizmodo):

Contact us at editors@time.com.

Read More From TIME

EDIT POST