Stolen Hotmail Data Finds Simple Passwords
ABC, easy as 123...456789!
We've all seen the warnings about having secure passwords. Many online services even include tips on how to make a secure password at the moment you create an account. It seems, though, that most users do not take heed.
IDG reports that security researcher Bogdan Calin analyzed the 10,000 stolen Windows Live Hotmail usernames and passwords that were leaked late last week and found that users are still using simple, common and downright stupid passwords.
Passwords that used simple number sequences such as 123456789 made up half of the top 10 most common passwords. The other half of the list is made up of the names alejandra, alberto, and alejandro, which led Calin to believe that the passwords were stolen by a phishing kit targeting Latinos.
Security sites recommend that passwords contain a combination of letters, numbers and other characters. Calin found that just 6 percent of the Hotmail passwords met such standards of complexity, while more than 60 percent consisted of either lowercase letters only or numbers only.
Interestingly, the longest password Calin found was "lafaroleratropezoooooooooooooo".
The top 10 passwords were:
1. 123456
2. 123456789
3. alejandra
4. 111111
5. alberto
6. tequiero
7. alejandro
8. 12345678
9. 1234567
10. estrella
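The kind of analysis Calin ran (ranking the most common passwords, bucketing each by character class, and flagging plain digit sequences) is straightforward to reproduce on any credential dump an auditor is handed. The script below is an added example written for this article, not Calin's code; it runs over a small constructed sample list rather than the leaked Hotmail data, so the percentages it prints are illustrative only.

```python
from collections import Counter

# Constructed sample in the style of the leaked list (NOT the real Hotmail data).
SAMPLE_PASSWORDS = [
    "123456", "123456", "123456", "123456789", "123456789", "alejandra",
    "alejandra", "111111", "alberto", "tequiero", "Tr0ub4dor&3", "P@ssw0rd!",
    "estrella", "12345678", "CORREO", "lafaroleratropezoooooooooooooo",
    "12345", "qwerty", "tequiero", "Hola2009",
]


def classify(password):
    """Bucket a password by the character classes it uses.

    The buckets mirror the article's categories: digits only, lowercase only,
    and "complex" (letters plus digits plus at least one other character).
    """
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_other = any(not c.isalnum() for c in password)
    if has_digit and not (has_lower or has_upper or has_other):
        return "digits_only"
    if has_lower and not (has_upper or has_digit or has_other):
        return "lowercase_only"
    if has_upper and not (has_lower or has_digit or has_other):
        return "uppercase_only"
    if (has_lower or has_upper) and has_digit and has_other:
        return "complex"
    return "mixed"  # e.g. letters + digits but no symbol


def is_digit_sequence(password):
    """True for ascending/descending digit runs such as 123456 or 654321.

    Repeated digits like 111111 are not sequences (step of 0), so they are
    counted under digits_only but not here.
    """
    if not (password.isdigit() and len(password) >= 4):
        return False
    steps = {int(b) - int(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1})


def composition_report(passwords):
    """Return {bucket: count} and {bucket: percent} over the whole list."""
    counts = Counter(classify(p) for p in passwords)
    total = len(passwords)
    percents = {k: round(100 * v / total, 1) for k, v in counts.items()}
    return counts, percents


def sequence_count(passwords):
    """How many entries are plain digit sequences (each occurrence counted)."""
    return sum(1 for p in passwords if is_digit_sequence(p))


def top_passwords(passwords, n=10):
    """Most common passwords with their frequency, ties in first-seen order."""
    return Counter(passwords).most_common(n)


def longest_password(passwords):
    return max(passwords, key=len)


if __name__ == "__main__":
    counts, percents = composition_report(SAMPLE_PASSWORDS)
    for bucket, pct in sorted(percents.items()):
        print(f"{bucket:15s} {counts[bucket]:3d}  {pct:5.1f}%")
    print("digit sequences:", sequence_count(SAMPLE_PASSWORDS))
    print("top 10:", top_passwords(SAMPLE_PASSWORDS))
    print("longest:", longest_password(SAMPLE_PASSWORDS))
```

Run against a real dump, the interesting numbers for a defender are the share of entries in `digits_only` and `lowercase_only` (the population a basic dictionary or sequence wordlist would cover) and how top-heavy `top_passwords` is, since a handful of shared values at the top is what makes a blocklist of known-bad passwords effective at signup time.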
What's up with all the Hispanic names?
PPL with passwords like that have no reason to complain about their account being stolen!
CRAP! My bank pin number is the same as number one!
What's up with all the Hispanic names?
"The other half of the list is made up of names alejandra, alberto, and alejandro, which lead Calin to believe that the passwords were stolen by a phishing kit targeting Latinos."
What happened to using a pet's name?
So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
"alenjendra"
"alberto"
"alejendro"
"estrella"
Hmmm I wonder what demographics we are working with here.....
What happened to using a pet's name?
The password ranking 11 is "Tamagotchi".
What about "password" or "notpassword"?
A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. It's not prone to dictionary attack or brute-force (well, it'd take a long time). And all of my passwords are different so if one is compromised the rest aren't.
A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. It's not prone to dictionary attack or brute-force (well, it'd take a long time). And all of my passwords are different so if one is compromised the rest aren't.
Want a cookie for remembering them all? (Pun intended)
What's up with all the Hispanic names?
Well the researcher suggests that this phishing scam targeted Hispanics. Although I am still trying to figure out how and why a phisher would target a specific group of people rather than as many people as possible.
I am able to create and manage strong unique passwords because I use a good password manager (it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.
I am able to create and manage strong unique passwords because I use a good password manager (it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.
Wait... you give all of your passwords to one website?
No one chose 'Hotmail' as a password?
It also reveals that all of the stolen passwords were stolen from a Mexican ISP.
Wait... you give all of your passwords to one website?
haha !!
He/She will tell you ( oh yeah they have security/encryption and they don't see anything and agreements blah, blah blah) In the end, yeah you're giving your password to some password management service.
Still, the article is true (Puerto Rican here). I know a lot of people that have simple passwords; I've taught my family to combine several characters with numbers at the moment of creating passwords. On the other hand, phishing kits like this are obviously targeted at non tech-savvy folks.
Ethuus 10/08/2009 12:10 PM
So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
Space Balls!!!!
Hey, that's the same password I have on my luggage!
Taking into account that it has been stated that most of the compromised email accounts were from Europe and that they were obtained with a phishing attack, I think it is quite obvious that it was a phishing attack in Spanish targeted at Spaniards... I mean, not much sense sending an email in Spanish pretending to be from Hotmail staff to a Brit or a Dutchman.
Ha!
Too bad I know 1234 and 0000 to be many people's pin numbers...
How about sex and god? Or anything containing them?
The simplicity of hotmail passwords alone says nothing. I have 3 hotmail accounts that all use 123456: Two I use as spam drops, and one is for screwing with scammers.
And now, with Freetoeveryone@live.com, I have four.
Oh noes! My security!
"Somebody change the combination on my luggage!"
Although I am still trying to figure out how and why a phisher would target a specific group of people rather than as many people as possible.
Check out this page: http://www.internetworldstats.com/stats2.htm
Shows that internet usage among Central and South American countries has skyrocketed ~900% since 2000. That means (assuming the majority of those people speak Spanish) that there are a number of users in this demographic who are new to this and are likely to fall for phishing scams that more experienced users (I'll give some of us credit) would not be fooled by.
And a simpler answer to your question: the phisher spoke Spanish, not English. Since phishing scams rely on convincing language use, even if he knows a bit of English it may not be enough to make you think he's Google/Microsoft doing a password reset.
My son has a gmail account with the name sendmespamhere or to that effect that he gives out to online requests and only checks it when he needs the redirect for security.
Brings back memory of "Space ball" movie.
How could a hacker target a demographic? You don't have to select and as far as I can tell aren't even given an OPTION to choose your ethnicity or race. From what I read the hackers only got the first two letters of the alphabet which, from my personal experience taking attendance in college courses, Hispanic first and last names start with the letter A much more often than do American first and last names. Sounds more like a coincidence than it does a racially driven hotmail attack.
well... that just goes to show how stupid people are. It's just as easy to remember a phrase and use that as your password... EG: My Balls Itch Every Sunday Morning Until I Put Syrup On My Cereal. equates to MBIESMUIPSOMC as a password... effed up and long. Throw some numbers in there, and you can e\/en make it rhyme for a mnemonic de\/ice... just don't use alliteration... hahaha.
oh, and i'm surprised to not see 8675309 in there...
I used to use a password that was all numbers like 60626466 I dunno if that is easy to figure out or not but it was easy to remember. that site is long gone now.
hmm maybe people use simple passwords because there isn't anything important in their email account. you know some of these younger people only email friends with it and there's like no bank account and stuff attached so really nothing to worry about.
also this type of article makes it exceedingly simple to search for the password list on the web. I found it one day and made sure my name wasn't in there. I think the site hosting it is kind of lame for not keeping an eye on things. I mean an admin should be able to do a quick search every here and then and delete those. Just shows how secure things are in the real world on sites like that.