'experienced' at 9975 and 'doom' at 9983) hint this may not be a sorted list. The passwords were listed in a numerical order, but the blocks of entries and positions of some simpler entries (e.g. It represents the top 10,000 passwords from a list of 10 million compiled by Mark Burnett for other specific attribution see the readme file. The OWASP project publishes its SecList software content as CC-by-SA 3.0 this page takes no position on whether the list data is subject to database copyright or public domain. This particular list originates from the OWASP SecLists Project ( ) and is copied from its content on GitHub ( ) to link it more conveniently from Wikipedia.
The passwords may then be tried against any account online that can be linked to the first, to test for passwords reused on other sites. Usually passwords are not tried one-by-one against a system's secure server online instead a hacker might manage to gain access to a shadowed password file protected by a one-way encryption algorithm, then test each entry in a file like this to see whether its encrypted form matches what the server has on record. A hacker can use or generate files like this, which may readily be compiled from breaches of sites such as Ashley Madison. If your password is on this list of 10,000 most common passwords, you need a new password.