A list of 10 Million passwords and usernames has been released by researcher Mark Burnett under a Creative Commons Attribution-ShareAlike 3.0 Unported License and can be torrented by anybody.
Unfortunately, despite all the precautions taken to clean the list, hide people's identities and hide the account domains, it is not difficult to find people's identities, correlate the data to guess the domains and find some live accounts in this list.
After checking that we were not in this list, we tried, out of curiosity, combining some usernames/passwords/domains, and it did not take us long to find some live accounts.
Read more to understand why you should check if you are in this list...
This list was released on the basis of some questionable assumptions, for example that all of its content has been findable on the internet for a long time (up to ten years) if you search for it, so the corresponding accounts are supposed to have been fixed. This is not necessarily the case.
In addition, some people have had the same accounts for more than ten years, so they could appear on this list and still be using the same usernames and/or passwords.
Or the list could just contain references to usernames and/or passwords that you are using.
On his blog, M. Burnett gives a lot of arguments to explain why this list is not dangerous and how it represents just a small part of the passwords known/monitored/collected worldwide on the internet.
Maybe... But it remains disturbing that we could find some working accounts so easily and so quickly. This just means that the probability of finding a lot of them is not negligible at all.
That's why you might want to use this tool to check whether you are in there or not. If the answer is yes, you should change your usernames/passwords; please see the FAQ.
Why is it not free of charge here? Because we don't want to be overloaded by requests, or be queried by bots or whatever dubious stuff exists on the internet, or force you to open an intrusive "free of charge" account to use the tool, or force you to fight with a captcha, or have to restrict your searches and the results for all the reasons mentioned previously. You can donate and contribute to our other privacy-oriented projects, like Peersm (anonymous torrents inside browsers) and Torrent-live (anti-spies and private torrents, dynamic torrent blocklist), while doing something useful for yourself at the same time.
Or, as suggested by M. Burnett, you could just google your username/password to see if they have been leaked, which we would not recommend at all. As a matter of fact, googling the accounts that we discovered did not work for most of them.
If you don't trust that we don't record anything, and therefore suspect that we could correlate some of your queries with your PayPal email address to guess your passwords, just create a temporary email address (or a fake one) and use it with PayPal to pay with your credit card, then delete everything. We just keep records of PayPal transactions and will never disclose the data.
We could use anonymous donations such as bitcoins, but we don't believe that people using bitcoins really need this tool to check the list or, vice versa, that people needing the tool know how to use bitcoins.
WARNING: we don't record anything, but while using this tool NEVER give your complete username or password. Just pass a part of it to check whether you find some matches in the results, and make sure that nobody can correlate anything between the check of a username and/or a password.
Example: if your password or username is 'FindMyAss', try something like 'ndMy' or 'indM'
Search is case sensitive. For security and legal reasons the tool will not return a list of usernames and passwords to you, only the number of matches for your query:
Matches: 1 username and 1 password
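The partial, case-sensitive, count-only search described above can also be run offline against a local copy of the list, so the fragment never leaves your machine. The following is an added example, not the tool's own code; the tab-separated `username<TAB>password` layout, the function names, the minimum fragment length and the sample entries are assumptions constructed for illustration.

```python
import getpass
import sys

# Constructed sample in the assumed layout: username<TAB>password per line.
SAMPLE = (
    "jdoe\tFindMyAss\n"
    "FindMyAss\thunter2\n"
    "bob\tfindmyass\n"
    "line without a separator\n"
)

def count_matches(lines, fragment, min_len=3):
    """Return (username_hits, password_hits, skipped_lines) for a
    case-sensitive substring search. Matching entries are never returned."""
    if len(fragment) < min_len:  # min_len is an assumed threshold
        raise ValueError("fragment too short to give a meaningful count")
    users = passwords = skipped = 0
    for raw in lines:
        user, sep, password = raw.rstrip("\r\n").partition("\t")
        if not sep:  # malformed line: no tab separator
            skipped += 1
            continue
        users += fragment in user
        passwords += fragment in password
    return users, passwords, skipped

def summary(users, passwords):
    """Format the counts the way the page shows them."""
    u = "username" if users == 1 else "usernames"
    p = "password" if passwords == 1 else "passwords"
    return f"Matches: {users} {u} and {passwords} {p}"

if __name__ == "__main__":
    # Read without echo and not from the command line, so the fragment
    # stays off the screen and out of shell history.
    fragment = getpass.getpass("Fragment to look for: ")
    if len(sys.argv) > 1:
        # Path to a local copy of the list; undecodable bytes are replaced.
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            users, passwords, _ = count_matches(fh, fragment)
    else:
        users, passwords, _ = count_matches(SAMPLE.splitlines(), fragment)
    print(summary(users, passwords))
```

With the constructed sample, the fragment 'ndMy' gives one username hit and one password hit, while the lowercase entry is not counted because the search is case sensitive.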
Some free tools exist, but their searches are more limited and less precise, and they include some tracking stuff; you can use them at your own risk.
Sample of the tool:
Creative Commons BY-SA License