Skip to content
Research on the various credentials databases that have been dumped.
Branch: master
Clone or download
Latest commit 470b319 Jan 31, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit. Jan 30, 2018 Updated Jan 31, 2018
breach-compilation-top-1-million.csv Added BreachCompilation results. Jan 31, 2018



As time goes on, there are more and more credential dumps appearing online.  There are databases from LinkedIn, Adobe, MySpace, Snapchat, Tumblr, Twitter, and many others.  In an effort to understand peoples' password habits, build word lists for weak password checks, etc., I am going to be doing some research on each one.  From there, I can answer questions such as the following:

  • What are the most common passwords?
  • How much password reuse occurs?
  • Can a good password list be generated from these databases?
  • Can I generate hashes from these databases to test for weak passwords?

This repository will contain statistics from each of the database dumps that I analyze. As I answer each of the questions listed above and others, I will post the results of that research here.


Here are the top 1 Million most common passwords of each data dump.

Database Filename
BreachCompilation breach-compilation-top-1-million.csv


This was written for research purposes only. Please do not do anything stupid with it. If you get caught, that's on you. I cannot be held responsible for others' bad decisions.

You can’t perform that action at this time.