Update on July 13 - Yahoo fixes flaw behind 450,000 account hack
When you have 450,000 passwords, you can do a bit of analysis. ESET used the password analyser Pipal to compile some statistics (full data dump available on Pastebin).
First off, there were apparently only 442,773 passwords, contrary to the previously reported number I mentioned above. Secondly, 342,478 of them were unique, meaning that 100,295 passwords, or 22.65 percent of the total, were used by more than one person.
Here are the top 10 passwords from the Yahoo hack:
- 123456 = 1666 (0.38%)
- password = 780 (0.18%)
- welcome = 436 (0.1%)
- ninja = 333 (0.08%)
- abc123 = 250 (0.06%)
- 123456789 = 222 (0.05%)
- 12345678 = 208 (0.05%)
- sunshine = 205 (0.05%)
- princess = 202 (0.05%)
- qwerty = 172 (0.04%)
Here are the top 10 base words from the Yahoo hack:
- password = 1373 (0.31%)
- welcome = 534 (0.12%)
- qwerty = 464 (0.1%)
- monkey = 430 (0.1%)
- jesus = 429 (0.1%)
- love = 421 (0.1%)
- money = 407 (0.09%)
- freedom = 385 (0.09%)
- ninja = 380 (0.09%)
- writer = 367 (0.08%)
Here are the top 10 e-mail address domain names:
- yahoo.com (31.07%)
- gmail.com (24.14%)
- hotmail.com (12.45%)
- aol.com (5.76%)
- comcast.net (1.93%)
- msn.com (1.44%)
- sbcglobal.net (1.17%)
- live.com (0.97%)
- verizon.net (0.68%)
- bellsouth.net (0.64%)
If you have a Yahoo account, you should change your password, just to be on the safe side. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.
Update on July 13 - Yahoo fixes flaw behind 450,000 account hack
See also:
- NSA: Cybercrime is 'the greatest transfer of wealth in history'
- FBI: US losing hacker war
- Richard Clarke: China has hacked every major US company
- US and China test response capabilities via cyber war games
- Anonymous wants to take down the Great Firewall of China
- Anonymous hacks hundreds of Chinese government sites
- China admits Anonymous hacks
Join Discussion