Researcher Creates Clearinghouse Of 14 Million Hacked Passwords


By Andy Greenberg
The Firewall
August 26, 2010

The "Wall of Sheep" has become a cherished tradition at the annual 
Defcon hacker conference in Las Vegas: Anyone foolish enough to use the 
local wireless network at the hotel will likely have his or her username 
and password stolen, and later see those vital digital details projected 
onto a screen for thousands of attendees to see.

Now Canadian researcher Ron Bowes has created a sort of Wall of Sheep 
for the entire Internet. By simply collecting all the publicly-spilled 
repositories of users' passwords from recent hacking incidents, he's 
created a clearinghouse for stolen passwords on his Web site - 
14,488,929 distinct passwords to be exact, collected from 32,943,045 

Bowes didn't steal these passwords, and they're not associated with 
usernames, an extra piece of data that would make listing them far more 
dangerous. All but 250,000 or so became public after the breach of, a social networking applications site penetrated by 
cybercriminals using SQL injection. Another 180,000 were spilled when 
the bulletin board software site phpbb was hacked using a vulnerability 
in one of the site's plugins. 37,000 more were stolen from MySpace using 
phishing techniques.

Bowes, a consultant with Dash9 security and a developer for security 
scanning tool NMap, says he collected the passwords to help researchers 
figure out how users choose passwords and make the authentication 
process more secure. The site he's assembled is a wiki, so anyone can 
update it with new breached password lists. "Since I created it, I've 
had exceptionally good feedback from researchers around the world," 
Bowes wrote in his blog. "As far as I know, it's the best collection of 
breached passwords anywhere."

