You probably heard this week about the 5 million @gmail.com accounts that were posted. I’ve been researching it independently, and was hoping for some community help (this is completely unrelated to the fact that I work at Google - I just like passwords).
I’m reasonably sure that the released list is an amalgamation of a bunch of other lists and breaches. But I don’t know which ones - that’s what I’m trying to find out!
Which brings me to how you can help: I’m looking for people who can recognize which site their password came from. I’m trying to build a list of which breaches were aggregated to create this list, in the hopes that I can find breaches that were previously unreported!
If you want to help:
1. Check your email address on https://haveibeenpwned.com/
2. If you're in the list, email email@example.com from the associated account
3. I'll tell you the password that was associated with that account
4. And, most importantly, you tell me which site you used that password on!
In a couple of days/weeks (depending on how many responses I get), I’ll release the list of providers!
Thanks! And, as a special ‘thank you’ to all of you, here are the aggregated passwords from the breach! And no, I’m not going to release (or keep) the email list. :)