Saturday, October 10, 2009

10 worst passwords

In one of the biggest phishing scams ever, the passwords of more than 10,000 Hotmail accounts were found to have been compromised and posted online.

The huge security breach was first reported by the website neowin.net, which said a list of the account details had been posted last week on pastebin.com, a forum used by software developers. This scam, as later reports suggested, may have compromised the privacy of at least 20,000 more accounts of users belonging to a number of other popular email providers such as Gmail, Yahoo and AOL.

According to security researcher Bogdan Calin of Acunetix, the hacked accounts show people still tend to go for weak passwords. The hack exposes the lazy and insecure password habits of users despite heightened security threats. Based on their analysis of the hacked passwords, researchers have released a list of the 10 most common passwords.

123456 tops the list of most common (and amongst the stupidest) passwords, Bogdan Calin told PCWorld. Calin reportedly got hold of the 10,000 stolen Windows Live Hotmail usernames and passwords that were posted on the Web site PasteBin late last week, then analyzed them to arrive at the list.

According to Calin, the second most common password is 123456789. Both passwords, 123456 and 123456789, were among the most common used by the victims who fell prey to the phishing scam. Of the 9,843 valid passwords he found, 82 of them used one of these two combinations.
 
First names such as alejandra, alberto and alejandro also figure among the most common passwords, at No. 3, 5 and 7 in the list of top 10 worst passwords. Based on the names, Calin believes that the passwords were stolen by a phishing kit targeting Latinos.

The fourth most common password is 111111. Security experts suggest that secure passwords should use a combination of letters, numbers and other characters. They forbid using passwords which have names, dates or dictionary words.

Calin found that just 6 per cent of the Hotmail passwords contained a mix of letters, numbers and other characters. More than 60 percent were either lower case letters only, or numbers.


At No. 8 and 9 in the 10 most common passwords list are again numeric-based passwords, 12345678 and 1234567. According to Calin, these passwords have been gathered using phishing kits.

tequiero and estrella rank at No. 6 and 10 in the list. tequiero happens to be the Spanish equivalent of "I love you".

According to a statistical analysis of the 10,000 passwords published by Acunetix, 42% of the phished users use lower alpha passwords only (a to z), 19% rely on numbers only, with 22% of the total sampled population using a 6 character password (Live.com’s minimum), followed by 21% of users using 8 character passwords. 
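The same kind of breakdown can be run by a defender over their own password data. The following is an added example, not code from Acunetix or the original article: the function names and the sample passwords are constructed for illustration, and only the ten-password list comes from the text above.

```python
import string
from collections import Counter

# The ten most common passwords named in the article.
TOP10 = {"123456", "123456789", "alejandra", "111111", "alberto",
         "tequiero", "alejandro", "12345678", "1234567", "estrella"}

def classify(pw):
    """Bucket a password by character class, as in the statistics above."""
    if pw and all(c in string.ascii_lowercase for c in pw):
        return "lower_alpha"              # a to z only
    if pw and all(c in string.digits for c in pw):
        return "numeric"                  # 0 to 9 only
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    if has_letter and has_digit and has_other:
        return "mixed_all"                # letters, numbers and other characters
    return "other"                        # e.g. mixed case, or letters plus digits

def audit(passwords):
    """Return (class counts, length counts, passwords found on the top-10 list)."""
    classes = Counter(classify(p) for p in passwords)
    lengths = Counter(len(p) for p in passwords)
    listed = [p for p in passwords if p.lower() in TOP10]
    return classes, lengths, listed

def acceptable(pw):
    """Signup-time check: refuse listed passwords and single-class passwords."""
    return pw.lower() not in TOP10 and classify(pw) == "mixed_all"

# Constructed sample, not taken from the leaked list.
SAMPLE = ["123456", "estrella", "tequiero", "1234567", "Maria1985",
          "c0rrect-Horse", "qwerty", "111111", "summer09!", "alberto"]

if __name__ == "__main__":
    classes, lengths, listed = audit(SAMPLE)
    total = len(SAMPLE)
    for name, count in classes.most_common():
        print(f"{name:12s} {100 * count / total:5.1f}%")
    for length, count in sorted(lengths.items()):
        print(f"length {length:2d}: {count}")
    print("on top-10 list:", listed)
```
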


Source : infotech.indiatimes.com
