
Stolen Hotmail Data Finds Simple Passwords

Source: Tom's Hardware US | 30 comments

ABC, easy as 123...456789!

We've all seen the warnings about having secure passwords. Many online services even include tips on how to make a secure password at account creation. It seems, though, that most users do not take heed.

IDG reports that security researcher Bogdan Calin analyzed the 10,000 stolen Windows Live Hotmail usernames and passwords that were leaked late last week and found that users are still using simple, common and downright stupid passwords.

Passwords that used simple number sequences such as 123456789 made up half of the top 10 most common passwords. The other half of the list is made up of names alejandra, alberto, and alejandro, which led Calin to believe that the passwords were stolen by a phishing kit targeting Latinos.

Security sites recommend that passwords should contain a combination of letters, numbers and other characters. Calin found that just 6 percent of the Hotmail passwords met such standards of complexity, but more than 60 percent were either lower case letters only, or numbers.

Interestingly, the longest password Calin found was "lafaroleratropezoooooooooooooo".

The top 10 passwords were:

   1. 123456

   2. 123456789

   3. alejandra

   4. 111111

   5. alberto

   6. tequiero

   7. alejandro

   8. 12345678

   9. 1234567

  10. estrella
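
The composition breakdown described above, together with a signup-time check that would reject the listed passwords, as an added Python example (not code from the article or from Calin's analysis). The sample list, its repeat counts and all function names are constructed for illustration.

```python
from collections import Counter

# Top 10 as listed in the article; used here as a signup blocklist.
TOP10 = ["123456", "123456789", "alejandra", "111111", "alberto",
         "tequiero", "alejandro", "12345678", "1234567", "estrella"]
# Constructed sample: repeat counts and the last two entries are invented.
SAMPLE = (TOP10 + ["123456"] * 4 + ["123456789"] * 3 + ["alejandra"] * 2
          + ["Verano2009", "c0rrect-Horse!9"])


def charset_class(pw):
    """Bucket a password by the character classes it uses."""
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    if has_digit and not (has_lower or has_upper or has_other):
        return "digits_only"
    if has_lower and not (has_upper or has_digit or has_other):
        return "lowercase_only"
    if (has_lower or has_upper) and has_digit and has_other:
        return "letters_digits_other"  # the mix the article says sites recommend
    return "partial_mix"


def composition_report(passwords, top_n=3):
    """Return (percent of passwords per class, top_n most common passwords)."""
    classes = Counter(charset_class(p) for p in passwords)
    pct = {k: round(100 * v / len(passwords), 1) for k, v in classes.items()}
    return pct, Counter(passwords).most_common(top_n)


def reject_at_signup(pw, blocklist):
    """Return a rejection reason, or None if the password passes these checks."""
    if pw.lower() in blocklist:
        return "on common-password blocklist"
    if len(set(pw)) == 1:
        return "single repeated character"
    if charset_class(pw) in ("digits_only", "lowercase_only"):
        return "single character class"
    return None


if __name__ == "__main__":
    print(composition_report(SAMPLE))
    for candidate in ("111111", "000000", "verano", "Verano2009"):
        print(candidate, "->", reject_at_signup(candidate, TOP10))
```

Passing these checks does not make a password strong; they only screen out the patterns the article reports as most common.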

Other Comments
  • 13
    JasonAkkerman, October 7, 2009 9:45 PM
    What's up with all the Hispanic names?
  • 7
    Boxa786, October 7, 2009 9:49 PM
    PPL with passwords like that have no reason to complain about their account being stolen!
  • 2
    tipoo, October 7, 2009 9:52 PM
    CRAP! My bank pin number is the same as number one!
  • 5
    samely, October 7, 2009 9:56 PM
    JasonAkkerman: What's up with all the Hispanic names?

    "The other half of the list is made up of names alejandra, alberto, and alejandro, which led Calin to believe that the passwords were stolen by a phishing kit targeting Latinos."
  • 2
    buwish, October 7, 2009 9:57 PM
    What happened to using a pet's name?
  • 13
    Ethuus, October 7, 2009 10:10 PM
    So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
  • 3
    doomtomb, October 7, 2009 10:11 PM
    "alenjendra"
    "alberto"
    "alejendro"
    "estrella"

    Hmmm I wonder what demographics we are working with here.....
  • 6
    the_krasno, October 7, 2009 10:14 PM
    buwish: What happened to using a pet's name?

    The password ranking 11 is "Tamagotchi".
  • 11
    Sushi Warrior, October 7, 2009 10:44 PM
    What about "password" or "notpassword"?
  • -4
    koga73, October 7, 2009 11:17 PM
    A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. It's not prone to dictionary attack or brute-force (well, it'd take a long time). And all of my passwords are different so if one is compromised the rest aren't.
  • 10
    Platypus, October 7, 2009 11:27 PM
    koga73: A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. It's not prone to dictionary attack or brute-force (well, it'd take a long time). And all of my passwords are different so if one is compromised the rest aren't.

    Want a cookie for remembering them all? (Pun intended)
  • 2
    thatcrazyguy, October 7, 2009 11:39 PM
    JasonAkkerman: What's up with all the Hispanic names?

    Well the researcher suggests that this phishing scam targeted Hispanics. Although I am still trying to figure out how and why a phisher would target a specific group of people rather than as many people as possible.
  • -3
    Anonymous, October 7, 2009 11:41 PM
    I am able to create and manage strong unique passwords because I use a good password manager (it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.
  • 15
    randomizer, October 8, 2009 12:24 AM
    TheresaC: I am able to create and manage strong unique passwords because I use a good password manager (it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.

    Wait... you give all of your passwords to one website?
  • 0
    Anonymous, October 8, 2009 2:59 AM
    No one chose 'Hotmail' as password?
  • 1
    mi1400, October 8, 2009 3:35 AM
    It also reveals that all of the stolen passwords were stolen from a Mexican ISP.
  • 0
    athreex, October 8, 2009 3:38 AM
    randomizer: Wait... you give all of your passwords to one website?

    haha !!

    He/She will tell you (oh yeah they have security/encryption and they don't see anything and agreements blah, blah blah). In the end, yeah you're giving your password to some password management service.

    Still, the article is true, (Puerto Rican here), I know a lot of people that have simple passwords, I've taught my family to combine several characters with numbers in the moment of creating passwords. On the other hand, phishing kits like this are obviously targeted at non-tech-savvy folks.
  • 1
    Anonymous, October 8, 2009 3:52 AM
    Ethuus (10/08/2009 12:10 PM): So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

    Space Balls!!!!
  • 0
    Anonymous, October 8, 2009 4:16 AM
    Hey, that's the same password I have on my luggage!
  • 0
    Duncan_Idah0, October 8, 2009 6:26 AM
    Taking into account that it has been stated that most of the compromised email accounts were from Europe and that they were obtained with a phishing attack, I think it is quite obvious that it was a phishing attack in Spanish targeted at Spaniards... I mean not much sense sending an email in Spanish pretending to be from Hotmail staff to a Brit or a Dutch.