Follow-up to yesterday's post. A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.
Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters.
Many of the top 20 passwords used were Spanish names, such as Alejandra and Alberto, suggesting that the victims were in Spanish-speaking communities. Nearly 2,000 of the passwords were only six characters long. The longest password was 30 characters — lafaroleratropezoooooooooooooo.
The 10,000 passwords and user names, believed to be booty from a phishing attack, were posted over the weekend to the clipboard site PasteBin. The site owner has since removed the list, but Bogdan Calin of Acunetix grabbed the passwords before the list disappeared.
The list included only online account addresses that began with “A” or “B,” suggesting that the list was only part of a larger cache of credentials. On Tuesday, the BBC reported that it had viewed a second list of more than 20,000 account credentials that included Gmail, Yahoo and AOL accounts, and that Google had uncovered a third list containing an unknown number of accounts.
Some of the accounts on the list of 20,000 names the BBC saw appeared to be old, unused or fake, though many were genuine. The list also included Comcast and Earthlink accounts.
Google, which owns Gmail, and Microsoft, which owns Hotmail, MSN and Live.com, have both taken measures to block use of the exposed accounts until the legitimate users can reset their passwords.