This article was published on October 8, 2009

Leaked Hotmail Data Shows Poor Choice Of Passwords


Leaked Hotmail Data Shows Poor Choice Of Passwords

img_33742_microsoft-windows-live-logo_450x360A few days ago we posted a story highlighting reports that tens of thousands of Hotmail passwords had been leaked onto public text sharing websites. By now, many people would have accessed and used the stolen data but one security researcher by the name of Bogdan Calin decided to analyse the usernames and passwords. His report came up with some very surprising (or in some cases unsurprising) results:

  • The longest password was found to be 30 characters long: lafaroleratropezoooooooooooooo
  • The shortest password being just a single character: )
  • The most popular password was: 123456, used by at least 64 people found on the list.
  • The average password length was 8 characters, with 42% of all passwords consisting of lower alpha characters.

Bogdan made the assumption that the compromised data was extracted using various phishing techniques, most likely a dummy webpage that looked and acted like an official Windows Live Mail login screen. It is also likely that this attack was aimed at the Latino community from looking at the 20 most common passwords:

  1. 123456
  2. 123456789
  3. alejandra
  4. 111111
  5. alberto
  6. tequiero
  7. alejandro
  8. 12345678
  9. 1234567
  10. estrella
  11. iloveyou
  12. daniel
  13. 000000
  14. roberto
  15. 654321
  16. bonita
  17. sebastian
  18. beatriz
  19. mariposa
  20. america

Of course when there are security scares such as this it is advisable to change your password, making sure to use both uppercase and lowercase letters, numbers and even special characters. A simple Google search for “password generator” will give you a decent list of websites from which you can generate a strong and safe password.

Get the TNW newsletter

Get the most important tech news in your inbox each week.