In February 2015, security analyst Mark Burnett released 10 million passwords on xato.net, fearing he would be arrested by the FBI for doing so.
He wrote in a blog post:
"Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world."
He also listed a number of methods he had employed in releasing the data to the world that ensured the logins could not "be used for illegal purposes".
Most of the data was also available in smaller doses on publicly accessible websites - the reason being that most of the passwords were more than ten years old and should, in theory, be dead.
Most websites will now ask for your password to contain a certain number of letters or numbers to ensure some variety and security.
He also pointed out:
"If a hacker needs this list to hack someone, they probably aren’t much of a threat."
Recently, the post has been the subject of a chart on a data subreddit, which found the most common passwords in the database.
Anyway, if you have one of these passwords, you definitely, definitely need to change it.
In order of most common passwords, the top 25 were as follows:
- 123456
- password
- 12345678
- qwerty
- 123456789
- 12345
- 1234
- 111111
- 1234567
- baseball
- abc123
- football
- monkey
- letmein
- 696969
- shadow
- master
- 666666
- qwertyuiop
- 123321
- mustang
- 1234567890
- michael