More than 10 million hacked email addresses and passwords have been posted to an Australian web site in less than 12 months.
The site, shouldichangemypassword.com was developed by Sydney security researcher Daniel Grzelak to allow users to determine if they were victims of publicly-disclosed data breaches.
The web site could be a gem for companies concerned that staff have reused work passwords and email addresses on other web sites that were subsequently compromised.
The portal was orginally developed for Grzelak's mum and friends, and was sold in January to the Avalanche Technology Group.
It made headlines on the New York Times, Forbes and tech media sites when the LulzSec hacking group was at its peak.
"It’s scary to think that in less than two years, hackers have made more email addresses and passwords public on the internet than the entire population of NSW," Avalanche Technology Group commercial manager Shayne Tilley said.
“With thousands of new compromised emails and passwords being discovered every day, it’s increasingly evident that the threat from hackers is more dangerous than ever. Unfortunately in many cases the compromise is only discovered after it’s too late.”
Each compromised email address was encrypted before being stored within the site using a unique ID.
"This means that not even Avalanche’s internal team can access the list of email addresses, let alone a third party," the company said.