Internet users generally have several email addresses which are used to open social media accounts around the web. When you open these social media accounts, you have to come up with a password and sadly enough, a majority of people come up with such basic passwords which hackers use to breach their accounts.
You might have also seen stories of major social networks and email services that got breached and credentials from millions of accounts get leaked on the Internet. There is a lot of information out there available to hackers and this guy decided to make it easy for any hacker to sell this information to unscrupulous dealers in the dark web.
Troy Hunt yesterday published a blogpost where he says he aggregated what he called “Pwned Passwords” into a database with 320 million passwords which is insane. He aggregated from combo lists which had email addresses and plain text passwords.
One combo list in example had over 805 million rows of email addresses and plain text passwords of which only 593 million are unique. This means there are a lot of email accounts with more than one passwords attached to them which form the difference. What he ended up with was a total of 319.9 million unique Pwned Passwords.
Troy wants this database to be used so that people can search for leaked passwords when registering new accounts or when changing your password to make your accounts secure.
Well if you trust his online search engine, you can check whether your email address or old passwords were breached or you can download the two archives which total to around 5.5GB which are compressed for offline use. The passwords are in hash form (SHA1) instead of plain text since these passwords could contain personal information like names, birthdays or even emails. Just make sure not to search your current password since you can never trust any online websites.