
Stolen Hotmail Data Finds Simple Passwords

Source: Tom's Hardware US

ABC, easy as 123...456789!

We've all seen the warnings about having secure passwords. Many online services even include tips on how to make a secure password at account creation. It seems, though, that most users do not take heed.

IDG reports that security researcher Bogdan Calin analyzed the 10,000 stolen Windows Live Hotmail usernames and passwords that were leaked late last week and found that users are still using simple, common and downright stupid passwords.

Passwords that used simple number sequences such as 123456789 made up half of the top 10 most common passwords. The other half of the list is made up of names such as alejandra, alberto, and alejandro, which led Calin to believe that the passwords were stolen by a phishing kit targeting Latinos.

Security sites recommend that passwords should contain a combination of letters, numbers and other characters. Calin found that just 6 percent of the Hotmail passwords met such standards of complexity, but more than 60 percent were either lower case letters only, or numbers.

Interestingly, the longest password Calin found was "lafaroleratropezoooooooooooooo".

The top 10 passwords were:

   1. 123456
   2. 123456789
   3. alejandra
   4. 111111
   5. alberto
   6. tequiero
   7. alejandro
   8. 12345678
   9. 1234567
  10. estrella
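
The kind of tally described above (most common passwords, character-class composition, longest entry) can be reproduced over any password list with a few lines of Python. This is an added example, not Calin's tooling; the function names, the class buckets and the sample list are assumptions, and the sample counts are constructed for illustration.

```python
from collections import Counter

def char_class(pw):
    """Bucket a password by the character sets it draws from."""
    if pw.isdigit():
        return "digits only"
    if pw.isalpha() and pw.islower():
        return "lowercase only"
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    if has_letter and has_digit and has_other:
        return "letters+digits+other"   # the "complex" bucket
    return "other mix"

def audit(passwords, top_n=10):
    """Return frequency and composition statistics for a password list."""
    passwords = [p for p in passwords if p]      # drop empty entries
    if not passwords:
        raise ValueError("no passwords to audit")
    total = len(passwords)
    counts = Counter(char_class(p) for p in passwords)
    return {
        "total": total,
        "top": Counter(passwords).most_common(top_n),
        "counts": dict(counts),
        "percent": {k: round(100 * v / total, 1) for k, v in counts.items()},
        "longest": max(passwords, key=len),
    }

# Constructed sample: entries reuse passwords named in the article, but the
# repeat counts and the last two mixed-class entries are invented here.
SAMPLE = (["123456"] * 4 + ["123456789"] * 3 + ["alejandra"] * 2 +
          ["111111", "alberto", "tequiero", "estrella",
           "lafaroleratropezoooooooooooooo", "Example2009", "Ex@mple-42x"])

if __name__ == "__main__":
    report = audit(SAMPLE, top_n=3)
    for key, value in report.items():
        print(f"{key}: {value}")
```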

There are 30 Comments.
  • 13
    JasonAkkerman , October 8, 2009 4:45 AM
    What's up with all the Hispanic names?
  • 7
    Boxa786 , October 8, 2009 4:49 AM
    PPL with passwords like that have no reason to complain about their account being stolen!
  • 2
    tipoo , October 8, 2009 4:52 AM
    CRAP! My bank pin number is the same as number one!
  • 5
    samely , October 8, 2009 4:56 AM
    JasonAkkerman: "What's up with all the Hispanic names?"

    "The other half of the list is made up of names alejandra, alberto, and alejandro, which lead Calin to believe that the passwords were stolen by a phishing kit targeting Latinos."
  • 2
    buwish , October 8, 2009 4:57 AM
    What happened to using a pet's name?
  • 13
    Ethuus , October 8, 2009 5:10 AM
    So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
  • 3
    doomtomb , October 8, 2009 5:11 AM
    "alenjendra"
    "alberto"
    "alejendro"
    "estrella"

    Hmmm I wonder what demographics we are working with here.....
  • 6
    the_krasno , October 8, 2009 5:14 AM
    buwish: "What happened to using a pet's name?"

    The password ranking 11 is "Tamagotchi".
  • 11
    Sushi Warrior , October 8, 2009 5:44 AM
    What about "password" or "notpassword"?
  • -4
    koga73 , October 8, 2009 6:17 AM
    A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. It's not prone to dictionary attack or brute-force (well, it'd take a long time). And all of my passwords are different so if one is compromised the rest aren't.
  • 10
    Platypus , October 8, 2009 6:27 AM
    koga73: "A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. It's not prone to dictionary attack or brute-force (well, it'd take a long time). And all of my passwords are different so if one is compromised the rest aren't."
    Want a cookie for remembering them all? (Pun intended)
  • 2
    thatcrazyguy , October 8, 2009 6:39 AM
    JasonAkkerman: "What's up with all the Hispanic names?"

    Well the researcher suggests that this phishing scam targeted Hispanics. Although I am still trying to figure out how and why a phisher would target a specific group of people rather than as many people as possible.
  • -3
    anonymous@guest , October 8, 2009 6:41 AM
    I am able to create and manage strong unique password because I use a good password manager (it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.
  • 15
    randomizer , October 8, 2009 7:24 AM
    TheresaC: "I am able to create and manage strong unique password because I use a good password manager (it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use."

    Wait... you give all of your passwords to one website?
  • 0
    anonymous@guest , October 8, 2009 9:59 AM
    No one chose 'Hotmail' as password?
  • 1
    mi1400 , October 8, 2009 10:35 AM
    It also reveals that all of the stolen passwords were stolen from a Mexican ISP.
  • 0
    athreex , October 8, 2009 10:38 AM
    randomizer: "Wait... you give all of your passwords to one website?"

    haha !!

    He/She will tell you ( oh yeah they have security/encryption and they don't see anything and agreements blah, blah blah) In the end, yeah you're giving your password to some password management service.

    Still, the article is true (Puerto Rican here), I know a lot of people that have simple passwords. I've taught my family to combine several characters with numbers in the moment of creating passwords. On the other hand, phishing kits like this are obviously targeted at non tech savvy folks.
  • 1
    anonymous@guest , October 8, 2009 10:52 AM

    Ethuus 10/08/2009 12:10 PM

    So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!



    Space Balls!!!!
  • 0
    anonymous@guest , October 8, 2009 11:16 AM
    Hey, that's the same password I have on my luggage!
  • 0
    Duncan_Idah0 , October 8, 2009 1:26 PM
    Taking into account that it has been stated that most of the compromised email accounts were from Europe and that they were obtained with a phishing attack, I think it is quite obvious that it was a phishing attack in Spanish targeted at Spaniards... I mean not much sense sending an email in Spanish pretending to be from Hotmail staff to a Brit or a Dutch.