Comment How do we actually know? (Score 2) 203
I could harvest 5m gmail names from google searches, and then publish them with bogus passwords and create panic. Is there some statistic that says how many of these were real passwords? Because wouldn't it be illegal to use them (accessing another person's account w/o their permission is a crime in the USA).
Seems like it would be easy to manufacture a lot of FUD by making these claims w/o really having any passwords at all, and no one could verify it?