.

And the winner once again is 123456 Date: 2011-06-16 13:02:26 LulzSec Disclosed 66000 user emails and passwords. We just crunched the numbers and here are the top ten results: Password -> Count

123456 -> 569

123456789 -> 184

password -> 133

romance -> 88

102030 -> 68

mystery -> 67

ajcuivd289 -> 62 (55 used a lower and 7 used AjcuiVd289)

shadow -> 62

tigger -> 62

123 -> 55 Note: Case sensitivity was not considered in this comparison. Slots one two and three are expected. Lulzsec did not specify where this data came, and many times passwords can be derived by the context of the site they are for. Looking at this data, it looks like many of the passwords may have come from a source related to books and reading. In the top ten, only romance and mystery fit that theme, but going through the long list, there were many other indications leaning this way. One very strange password in the top 10 was ajcuivd289. Going through the source, this is legitimately listed for 62 different emails (note: 7 of these used the mixed case variant of AjcuiVd289). We tried doing some google searches for ajcuivd289 to see what it may be, and surprisingly, this led to the discovery of many sites which have google indexed password lists. We won't disclose those here, but we suggest anyone using that password to change it. Password Length Password length was decent. 67% of the passwords in the file were longer than six characters and 50% were at least eight characters. Here's the breakdown on password length: 31% -> 6 characters

26% -> 8 characters

17% -> 7 characters

10% -> 9 characters

6.5% -> 10 characters

Complexity Password complexity was very bad in this data. From worst to best

numbers only --> 20%

letters only --> 44%

numbers and letters --> 35%

letters and special characters --> 1%

Numbers, letters, and special characters --> 1%

Category: Breach Subcategory: Passwords Please enable JavaScript to view the comments powered by Disqus. blog comments powered by Disqus