123456 Was the most common Hotmail password in phishing attack

By on October 9, 2009, 12:20 PM
Earlier this week, over 30,000 email account names and passwords were anonymously posted on the Web. The credentials were compromised in an industry-wide phishing scheme that involved a slew of webmail services, including Hotmail, Gmail, Yahoo, AOL, Comcast, and Earthlink. Bogdan Calin managed to snag the initial list of 10,028 accounts, and used it to generate some interesting -- though, unsurprising -- statistics.

Calin noted that although the list began at 10,028 entries, after cleaning it up and removing accounts without passwords, 9,843 remained. Of those valid entries, 8,931 (90%) had unique passwords. The longest spanned 30 characters (lafaroleratropezoooooooooooooo), while the shortest was only a single character: ).

The most common password was "123456", which appeared on the list 64 times. The password "123456789" was listed 18 times, "alejandra" 11 times, "111111" 10 times, and "alberto" was used on 9 of the accounts. In addition to the first names and number sequences, passwords like "iloveyou" and "america" were also shown to be common.

Calin's statistics show the length distribution of passwords, as well as the types of characters most frequently used. The phishing attack and Calin's figures serve as a reminder that using six zeros as a password is both unsafe, and unoriginal.

User Comments: 9

Got something to say? Post a comment
captaincranky captaincranky, TechSpot Addict, said:

123456, Now Can I Go Have Dinner....?

As someone who has dealt with Verizon customer service in relation to accidental shut offs, failed alias re-points, and lost Email, as a password, "123456", is the quickest way to get off the phone with some imbecile in Pakistan named "Biff"!

TomSEA TomSEA, TechSpot Chancellor, said:

It boggles the mind how careless people are with passwords. These same people are sure to lock their car doors or home doors every time they leave. But properly "lock" their computer apps with a decent password? Can't be bothered....

z0k! said:

i dont think verizon either has their operations or customer support based in Pakistan,and u sure aint gonna find any1 named "Biff"..hehe

Reloader2 said:

People are stupid....

Route44 Route44, TechSpot Ambassador, said:

Hmmmm, reminds me of Space Balls...

captaincranky captaincranky, TechSpot Addict, said:

i dont think verizon either has their operations or customer support based in Pakistan,and u sure aint gonna find any1 named "Biff"..hehe
Perhaps it was India and his name was "Dante' ".

And just FYI, Verizon DOES farm out certain parts of their internet customer service and sales tasks to Central Asian markets. I heard too many Indian/ Pakistani accents on the phone to ever be convinced otherwise.

Guest said:

It's almost embarrassing how easy people make it for hackers these days. A simple tool like Deadbolt Password Generator means that remembering passwords is a thing of the past, and at least you won't have the same password for everything.

z0k! said:

oh sure..not just verizon but a lot of the companies do,no disputing that..there's a booming trend that has followed CS outsourcing to south asia...

that reminded me a good ol youtube vid..


Rick Rick, TechSpot Staff, said:

No question about it - Verizon outsources. Their "business" line of services/products are supported in the US though.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.