Mark Burnett, an independent security analyst, recently released 10 million passwords and usernames. Burnett scrubbed financial and domain information from the data and said his goal was “to further research with the goal of making authentication more secure and therefore protected from fraud and unauthorized access.”
Was this decision a responsible approach improving password security?
Listen to our latest security slice podcast and hear Tim Erlin, Craig Young and Lane Thames discuss why it was necessary to include usernames in the data dump, the difference between publishing and trafficking in passwords and why legal action against Burnett could hurt future security research.
CLICK HERE TO LISTEN TO THE PODCAST
- Security Slice: Exchanging Threat Exchanges
- Security Slice: Big Backdoor Problems
- Security Slice: GHOST in the Shell
- Security Slice: Dreaming of Credit Card Security