Join us at TNW Conference 2022 for insights into the future of tech →

Inside money, markets, and Big Tech

This article was published on October 8, 2009

    Leaked Hotmail Data Shows Poor Choice Of Passwords

    Leaked Hotmail Data Shows Poor Choice Of Passwords
    Matt Brian
    Story by

    Matt Brian

    Matt is the former News Editor for The Next Web. You can follow him on Twitter, subscribe to his updates on Facebook and catch up with him Matt is the former News Editor for The Next Web. You can follow him on Twitter, subscribe to his updates on Facebook and catch up with him on Google+.

    img_33742_microsoft-windows-live-logo_450x360A few days ago we posted a story highlighting reports that tens of thousands of Hotmail passwords had been leaked onto public text sharing websites. By now, many people would have accessed and used the stolen data but one security researcher by the name of Bogdan Calin decided to analyse the usernames and passwords. His report came up with some very surprising (or in some cases unsurprising) results:

    • The longest password was found to be 30 characters long: lafaroleratropezoooooooooooooo
    • The shortest password being just a single character: )
    • The most popular password was: 123456, used by at least 64 people found on the list.
    • The average password length was 8 characters, with 42% of all passwords consisting of lower alpha characters.

    Bogdan made the assumption that the compromised data was extracted using various phishing techniques, most likely a dummy webpage that looked and acted like an official Windows Live Mail login screen. It is also likely that this attack was aimed at the Latino community from looking at the 20 most common passwords:

    1. 123456
    2. 123456789
    3. alejandra
    4. 111111
    5. alberto
    6. tequiero
    7. alejandro
    8. 12345678
    9. 1234567
    10. estrella
    11. iloveyou
    12. daniel
    13. 000000
    14. roberto
    15. 654321
    16. bonita
    17. sebastian
    18. beatriz
    19. mariposa
    20. america

    Of course when there are security scares such as this it is advisable to change your password, making sure to use both uppercase and lowercase letters, numbers and even special characters. A simple Google search for “password generator” will give you a decent list of websites from which you can generate a strong and safe password.