Statistics about Yahoo leak of 450.000 plain-text accounts

Recently, Ars Technica reported on a leak by "D33ds Company" of more than 450.000 plain-text accounts from a Yahoo service, which is suspected to be Yahoo Voices.

Since all the accounts are in plain text, anyone whose account is present in the leak and who uses the same password on other sites (e-mail, Facebook, Twitter, etc.) should assume that someone has accessed their account.

>> Follow me on Twitter for more IT-security news and fun stuff <<

I gathered some quick statistics on the passwords (with Pipal):

Total entries = 442773
Total unique entries = 342478

Top 10 passwords
123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Top 10 base words
password = 1373 (0.31%)
welcome = 534 (0.12%)
qwerty = 464 (0.1%)
monkey = 430 (0.1%)
jesus = 429 (0.1%)
love = 421 (0.1%)
money = 407 (0.09%)
freedom = 385 (0.09%)
ninja = 380 (0.09%)
writer = 367 (0.08%)

Full statistics available on Pastebin.

I also checked the frequency of the various domains used for e-mail addresses:

<nerd> cut -d "@" -f 2 yahoo-unique.txt | cut -d ":" -f 1 | sort -f | uniq -c -i | sort -b -g -r > yahoo-sorted-counted-emails.txt </nerd>

 137556 yahoo.com
 106869 gmail.com
  55147 hotmail.com
  25520 aol.com
   8536 comcast.net
   6395 msn.com
   5193 sbcglobal.net
   4313 live.com
   3029 verizon.net
   2847 bellsouth.net
   2260 cox.net
   2133 yahoo.co.in
   2077 ymail.com
   2028 hotmail.co.uk
   1943 earthlink.net
   1828 yahoo.co.uk
   1611 aim.com
   1436 charter.net
   1372 att.net
   1146 mac.com
   1131 rediffmail.com
   1124 googlemail.com
   1053 rocketmail.com
    928 juno.com
    853 optonline.net
    810 yahoo.ca
    572 peoplepc.com
    546 mail.com
    536 excite.com
    453 netzero.com
    433 netzero.net
    419 embarqmail.com
    400 yahoo.co.id
    367 live.co.uk
    344 insightbb.com
    342 shaw.ca
    339 windstream.net
    336 inbox.com
    336 btinternet.com
    322 tampabay.rr.com
    321 lycos.com
    316 mchsi.com
    313 yahoo.com.au
    307 netscape.net
    302 roadrunner.com
    299 gmx.com
    298 myway.com

And the following "interesting" ones:

1870 .edu
 93 .gov
 81 .mil

Full statistics on Pastebin.
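
The domain and suffix tallies above can be reproduced with a short script, for example to check how many addresses from your own domain appear in a dump. This is an added example, not the author's code: it assumes one `address@domain:password` record per line (inferred from the `cut` pipeline), the sample records are constructed, and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample records (not from the leak); assumed layout: address@domain:password
sample_dump() {
cat <<'EOF'
alice@Yahoo.com:123456
bob@gmail.com:password
carol@yahoo.com:p@ss:word
dave@cs.example.edu:welcome
erin@agency.example.gov:ninja
frank@GMAIL.com:abc123
broken-line-without-address
grace@unit.example.mil:sunshine
EOF
}

# Print the lower-cased domain of every record read from stdin.
# Lines without "@" are skipped; plain `cut -d "@" -f 2` would pass them through whole.
extract_domains() {
  awk -F'@' 'NF >= 2 { split($2, rest, ":"); if (rest[1] != "") print tolower(rest[1]) }'
}

# Frequency table as "count domain", most common first, ties ordered by name.
domain_counts() {
  extract_domains | LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# Number of records whose domain ends in the given suffix, e.g. ".edu".
suffix_count() {
  extract_domains | awk -v s="$1" '
    length($0) >= length(s) && substr($0, length($0) - length(s) + 1) == s { n++ }
    END { print n + 0 }'
}

# Demo on the constructed sample: domain table, then the three suffix tallies.
sample_dump | domain_counts
for tld in .edu .gov .mil; do
  printf '%s %s\n' "$(sample_dump | suffix_count "$tld")" "$tld"
done
```

To run it against a real file, replace `sample_dump |` with a redirect such as `domain_counts < yahoo-unique.txt`.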
