Have I Been Pwned releases trove of “pwned” passwords
Troy Hunt, the security researcher who revealed the Master Deeds leak, has launched Pwned Passwords V2. “Last August, I launched a little feature within Have I Been Pwned I called Pwned Passwords,” said Hunt. Hunt has added 711 million records from the Onliner Spambot dump and 1.4 billion clear text credentials obtained from the dark web.
Combined, this resulted in 501 million unique compromised passwords. The passwords are SHA-1 hashed, so they are not immediately visible. Hunt has also added a counter in the dataset to indicate how many times a password has appeared.
“This list is not perfect and there will be some junk, due to input data quality and some missing passwords because they weren’t in the source data sets,” said Hunt.