Because the file was static, it became a "dictionary of known compromises." Automated tools could trivially iterate through the list. Success rates for credential stuffing attacks using this file were alarmingly high—often between 0.5% and 2%—which, when applied to a billion records, meant millions of active accounts could be hijacked.
He reasoned: If the bad guys have the file, the good guys need access to the data too—but safely. Hunt ingested the compilation, de-duplicated it further, and allowed users to search if their email address appeared. This single act turned a weapon of mass intrusion into a global alert system. Millions discovered for the first time that their old passwords had been public for years. breachcompilation.txt
But fear is a secondary emotion. The primary one should be action. We live in a post-breach world. The walls are down. The file is out there. Because the file was static, it became a