62 Memverse Accounts

I have acquired 62 hacked Memverse accounts. As these emails/passwords have been on the deepweb for over 4 years, consider this your last chance to change your password. I will be posting the passwords in 2 weeks.

291183@gmail.com
adam.zarn@my.wheaton.edu
allgraphix360@gmail.com
amaiz.oscar@gmail.com
ashper@gmail.com
benjche@gmail.com
benkudisch@gmail.com
blakeobriant@gmail.com
brandi-adams@hotmail.com
ccoppen@gmail.com
chanshikp@gmail.com
coldfusion72@gmail.com
crbannister@gmail.com
crischaverri@yahoo.com
d_black87@hotmail.com
danielcory92@gmail.com
darryl_cooper@msn.com
derekantrican@gmail.com
evg.jjmartin@gmail.com
hume.jeff@gmail.com
husbandofjessica@hotmail.com
iantanrc@gmail.com
ijayaraj@ymail.com
jcmoscon@gmail.com
jesipher@hotmail.com
jonathan.steele61@gmail.com
joshuayeohliqhern@hotmail.com
jotham@durableroofing.info
jph989@gmail.com
jrswab@gmail.com
jysc24@gmail.com
kwallerius@gmail.com
laufor@gmail.com
lejhak_44@yahoo.com
lessmemorejesus@gmail.com
lksr10@gmail.com
macloude_16@yahoo.com
meetmandarin@gmail.com
megan.revell@btinternet.com
narnianlamplighter@gmail.com
ndcain@gmail.com
nitin.gangahar@gmail.com
onomou@gmail.com
rahulfabian@gmail.com
restoration72@gmail.com
sabzeboss@gmail.com
sailesh111@gmail.com
samanthalimhf@gmail.com
singingmaster@live.com
smileegirl95@hotmail.com
sterlingdiazd@gmail.com
steve.passas@gmail.com
steve@stevenrutledge.com
stevenhume@msn.com
tate2226@hotmail.com
thefishman@embarqmail.com
vaneycksemeotoki@gmail.com
wanda.m@vodamail.co.za
winterwillowfarm@gmail.com
wretchedturnedrighteous@gmail.com
xrisafi1@gmail.com
xsrvmy@gmail.com

Format
email:password

291183@gmail.com:jc291183
adam.zarn@my.wheaton.edu:dukiebaby1
allgraphix360@gmail.com:space121
amaiz.oscar@gmail.com:v92974560
ashper@gmail.com:ashper1510
benjche@gmail.com:0bingbing0
benkudisch@gmail.com:disney2
blakeobriant@gmail.com:tbo3752
brandi-adams@hotmail.com:mom1861
ccoppen@gmail.com:ywing1976
chanshikp@gmail.com:park333
coldfusion72@gmail.com:carlos123
crbannister@gmail.com:split222
crischaverri@yahoo.com:lu21wa87
d_black87@hotmail.com:davidblack122087
danielcory92@gmail.com:k0v(11
darryl_cooper@msn.com:windows7
derekantrican@gmail.com:deltamu9
evg.jjmartin@gmail.com:edgarjay27
hume.jeff@gmail.com:tim412
husbandofjessica@hotmail.com:1512jess
iantanrc@gmail.com:1fermion
ijayaraj@ymail.com:healer333
jcmoscon@gmail.com:wincgi90
jesipher@hotmail.com:qwe123123
jonathan.steele61@gmail.com:isaiah61
joshuayeohliqhern@hotmail.com:4986abc123
jotham@durableroofing.info:forjesus2
jph989@gmail.com:justin750
jrswab@gmail.com:js30027#
jysc24@gmail.com:jan2044
kwallerius@gmail.com:rhodes99
laufor@gmail.com:asdfdsa
lejhak_44@yahoo.com:markjoseph13
lessmemorejesus@gmail.com:praisejesus
lksr10@gmail.com:t2hb2g4pk6
macloude_16@yahoo.com:pogiaq
meetmandarin@gmail.com:777money
megan.revell@btinternet.com:il2contort
narnianlamplighter@gmail.com:finchley15
ndcain@gmail.com:faboo123
nitin.gangahar@gmail.com:simnit
onomou@gmail.com:uplink09
rahulfabian@gmail.com:1854klv
restoration72@gmail.com:ajp82035
sabzeboss@gmail.com:tonleu98
sailesh111@gmail.com:obiwan1
samanthalimhf@gmail.com:samantha
singingmaster@live.com:techno
smileegirl95@hotmail.com:curium11
sterlingdiazd@gmail.com:smdd89*
steve.passas@gmail.com:6576sep
steve@stevenrutledge.com:9009s125
stevenhume@msn.com:schwa66
tate2226@hotmail.com:22amber26
thefishman@embarqmail.com:angelguppie
vaneycksemeotoki@gmail.com:asdf1234
wanda.m@vodamail.co.za:wanda2
winterwillowfarm@gmail.com:horses
wretchedturnedrighteous@gmail.com:error$)$
xrisafi1@gmail.com:madden69
xsrvmy@gmail.com:max990318

And, why, as a Christian, would you be desiring to do this, which I would consider the work of the devil? (My assessment!)
Would Christ ever issue such a threat?
Would He ever treat a brother or sister, weak or strong in the faith, in this manner? I don't think so.
I hope you will stop before you unleash something that you will regret for eternity, my friend!!!
All of our actions in this life will come before God's judgment. Do we want to meet these unChristlike behaviors again, as we stand before God? I honestly don't think so. I would hope not.
We are in this world for one overriding purpose–to develop a character that God can save and entrust with immortality throughout eternity. Is such an action as you are threatening going to result in you developing a more Christlike character–one that God will see is a reflection of the character of His Son, Jesus Christ–a character that is worthy of eternal life?

And, why, as a Christian, would you be desiring to do this, which I would consider the work of the devil? (My assessment!)
Would Christ ever issue such a threat?
Would He ever treat a brother or sister, weak or strong in the faith, in this manner? I don't think so.
I hope you will stop before you unleash something that you will regret for eternity, my friend!!!
All of our actions in this life will come before God's judgment. Do we want to meet these unChristlike behaviors again, as we stand before God? I honestly don't think so. I would hope not.
We are in this world for one overriding purpose–to develop a character that God can save and entrust with immortality throughout eternity. Is such an action as you are threatening going to result in you developing a more Christlike character–one that God will see is a reflection of the character of His Son, Jesus Christ–a character that is worthy of eternal life?

This is most definitely not a work of the devil, as you would have everyone believe. At no point did I commit a crime to obtain this information. I'm an independent security researcher who wants a better internet for everyone. Using the same password for 4+ years is not a good idea. I'm encouraging these people to change their passwords before I release the old ones.

If you concerned about giving 2 weeks notice, please know that I'm following industry standards for Responsible Disclosure.

Your technical behavior may not be "the work of the devil". You may be behaving responsibly (maybe) from your perspective of being "an independent security researcher". But your quote on "responsible disclosure" in reference to a vulnerability disclosure model seems totally out of place here. There is no vulnerability disclosure issue with the Memverse software (which is what the context of your quote would be referring to). For someone not to change their password frequently is certainly an unwise practice, but it is NOT a vulnerability matter regarding the Memverse software platform. That is how I read your quote IN THE CONTEXT OF WHAT IT IS ILLUSTRATING AND TALKING ABOUT–nothing to do with passwords.

But getting back to my original comments: I was primarily responding to your threat as stated in these words: "consider this your last chance to change your password. I will be posting the passwords in 2 weeks." Exactly what right or authority do you have for doing such an action? None!!! Unless of course you were going to be involved in blackmail or some sort of ransomware . . . both of which I don't believe you intend to do. Technically, even if you obtained these passwords 'legally', to publish them without the consent of the owners of them is definitely an illegal act on your part and could open you up to a legitimate lawsuit. I hope you have legal liability insurance in your profession as an independent security researcher. However, chances are that all of those names and accounts are all inactive users, and they would never be aware of your above threat and / or your possible publishing of their passwords.

Exactly what is the ramifications of a person on Memverse keeping their same password for a dozen or more years? What can they lose? Nothing!! If someone hacks into their accounts, they could mess up their memory work, etc. But it doesn't cost them anything, does it? So why would you issue such a threat, such an ultimatum, unless it is simply to show off your own ego in being able to do this?

I do not take back any of my comments. They still stand 100% as originally stated. I still feel, especially in the environment of Memverse, that your actions are totally out of line. Now, if this was a banking site, or a credit card site, or an online shopping site, then I could see you being rightfully concerned for these users' accounts being potentially hacked into. But Memverse costs nothing, there is no storage of any credit card info, so what exactly is the big deal here?

In the principle of Christ's Golden Rule, do to others what you would have them do to you, please think twice. What if there is an account of a senior who only goes on Memverse every few months and has real trouble in remembering or changing her passwords (which is why she has left it as the original one she set up the account with 18 years ago). Because there is no risk here, if you were to publish her password and someone goes into her account because of your action in broadcasting it, and messes up or totally deletes her memorized verses that she has worked years to get up to where it was, how will you feel when she logs on and sees everything messed up or deleted? What if that causes her to have a heart attack because her account was so meaningful to her? What will you say to Jesus as your "excuse" for doing such an un-Christian action to a sister in the faith? "Do to others what you would have them do to you!"

I am not revealing a vulnerability with the Memverse website, but rather a personal vulnerability (reused passwords). Responsible Disclosure is the policy of giving the effected party adequate time to patch said vulnerability. This applies to individuals as well as corporations. As changing a password only takes 5 minutes, I believe that my action of giving 2 weeks is following Responsible Disclosure guidelines.

My original wording may appear to some as a threat, but this is not the case. I am not seeking personal profit via blackmail. My ultimate goal is to better the internet by helping these people improve their personal online security.

“Exactly what right or authority do you have for doing such an action?” The First Amendment of the Constitution of the United States guarantees freedom of speech. As I am not doing anything except sharing information, this is a constitutionally protected act.

“Exactly what is the ramifications of a person on Memverse keeping their same password for a dozen or more years?” A lot can go wrong. Password reuse is one of the most common reasons for online accounts to be hacked. They might be using the same password for online banking that they use here. Memverse accounts are an unlikely target because there is no monetary gain. I would rather someone learn to change their password from losing a Memverse account than their bank account. I don’t believe that my actions are simply to show off my own ego, but there is always the possibility of a subconscious bias.

If my email+password was floating around the deepweb I would positively want to be informed of it. As such, I am following the Golden Rule.

“if you were to publish her password and someone goes into her account…” That’s not my problem what other people do. The Computer Fraud and Abuse Act of 1986 prohibits unauthorized access to computer systems. It does not prohibit possessing the knowledge necessary to gain access.

I’m sorry if you feel this is the wrong decision, but I believe it’s the best option. If you personally feel threaten, change your passwords just to be safe.

Thanks, Danny the Younger. No, I do not feel personally threatened, I do change my passwords regularly and I never use any password for more than one account.
While I still do not agree with your contemplated action, nor with some of your additional comments above, I seriously hope there will be no adverse repercussions on you for such an action as you have decided to do (something that may not come to light for several years, but that you could still be potentially liable for). I do understand where you are coming from–thank you for your additional explanations.
But I sure hope you have gotten some legal advise on what you are about to do, because I do not believe your interpretation of the first amendment is totally correct, nor that it would cover your contemplated action (this action has nothing to do with freedom of speech, but it has everything to do with breach of privacy issues, etc.–why add to the darkweb's behavior by your own contemplated action).
Plus, as your contemplated action is potentially international in scope (because you would have no idea where those accounts reside and you are only assuming Memverse's servers are in the USA), I hope you are fully aware of the international, legal, insurance, and other risk issues involved in proceeding with your action.
That's all that I have to say.

The passwords are here! See the second post.