Passwords

There are over 7 billion passwords in goldmine. Where did these come from?

Some data breaches do include cleartext passwords. These are generally the large and well known collection data breaches, such as:

Collection 1-5
Antipublic
Exploit.in

This does not account for 7 billion passwords, however. The rest of them are sourced from crowdsourced password guesisng efforts on password hashes that are disclosed in data breaches. These come from websites like:

hashes.org (defunct)
hashes.com
hashmob.net (personal favorite)

On these sites, users can earn points/credit by submitting found password hashes. While this could yield some material benefit, the majority of these sites users do it for fun. This is a huge service to the security community, and many of the members are security professionals by day.

Importing Passwords

todo

basically just a huge SQL join

Passwords

Importing Passwords​

Importing Passwords