Have I Been Pwned releases trove of “pwned” passwords

Troy Hunt, the security researcher who revealed the Master Deeds leak[1], has launched Pwned Passwords V2[2]. “Last August, I launched a little feature within Have I Been Pwned I called Pwned Passwords,” said Hunt. Hunt has added 711 million records from the Onliner Spambot dump[3] and 1.4 billion clear text credentials[4] obtained from the dark web.

Combined, this resulted in 501 million unique compromised passwords. The passwords are SHA-1 hashed, so they are not immediately visible. Hunt has also added a counter in the dataset to indicate how many times a password has appeared.

“This list is not perfect and there will be some junk, due to input data quality and some missing passwords because they weren’t in the source data sets,” said Hunt.

To download the list of passwords, or check whether your password appears in the list, visit the Passwords page on Have I Been Pwned[5].

Now read: Firefox to warn you about hacked websites[6]


  1. ^ Master Deeds leak (
  2. ^ Pwned Passwords V2 (
  3. ^ Onliner Spambot dump (
  4. ^ 1.4 billion clear text credentials (
  5. ^ Have I Been Pwned (
  6. ^ Firefox to warn you about hacked websites (

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.