By Kim Zetter
October 6, 2009
A researcher who examined 10,000 Hotmail, MSN and Live.com passwords
that were recently exposed online has published an analysis of the list
and found that "123456" was the most commonly used password, appearing
Forty-two percent of the passwords used lowercase letters from "a to z";
only 6 percent mixed alpha-numeric and other characters.
Many of the top 20 passwords used were Spanish names, such as Alejandra
and Alberto, suggesting that the victims were in Spanish-speaking
communities. Nearly 2,000 of the passwords were only six characters
long. The longest password was 30 characters --
The 10,000 passwords and user names, believed to be booty from a
phishing attack, were posted over the weekend to the clipboard site
PasteBin. The site owner has since removed the list, but Bogdan Calin of
Acunetix grabbed the passwords before it disappeared.
The list included only online account addresses that began with "A" or
"B," suggesting that the list was only part of a larger cache of
credentials. On Tuesday, the BBC reported that it had viewed a second
list of more than 20,000 account credentials that included Gmail, Yahoo
and AOL accounts, and that Google had uncovered a third list containing
an unknown number of accounts.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News