There is again news that a user account database is available on the Internet. This time it concerns Windows Live Mail users. The news source says that more than 10000 passwords of Hotmail user accounts are publicly accessible. I could not miss it, and brief googling led me to the original source. The pastebin.com server is currently unstable, but the Google cache works perfectly :)
First, the published list, which is sorted and has no duplicates, includes only accounts that start with the letters "a" and "b". This means the full list of users is much bigger than the published one. If we assume that there are about 4000-5000 accounts for every letter of the English alphabet, it is easy to calculate that the full list of compromised accounts could reach 150000.
Second, only 9238 of the 10028 published accounts are legitimate. If we also take into account the Hotmail policy that requires passwords to be at least 6 characters long, only 8250 accounts are legitimate.
Here are the results by character set for the whole password list:
This is a similar diagram that takes the Hotmail password policy into account:
Assuming that most Hotmail users are foreign Internet users, we can see the difference in how Russian and foreign users choose passwords. Our compatriots prefer digits, while foreign users prefer lowercase English letters. On the other hand, Russian users choose longer passwords.
Here is the TOP50 of the most widespread passwords for Hotmail user accounts:
If we analyze the list of the most widespread passwords in Hotmail accounts, we can see that the user name is very often used as the password. However, the digit sequences 123456, 1234567, 12345678 and 123456789 are in the TOP10, just as in the statistics of passwords used in Russian companies. They are considered the leaders among the "most favorite passwords for users all over the world" 🙂
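The statistics described above (deduplication, the 6-character policy filter, character-set breakdown, most frequent passwords, and user name reused as password) can be reproduced on an organisation's own password audit data with a short script. This is an added example, not the code used for the original analysis; the `login:password` line format, the function names and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import Counter

MIN_LEN = 6  # Hotmail minimum password length stated in the post

# Constructed sample in an assumed "login:password" format (not data from the leak).
SAMPLE = """\
alice@example.com:123456
alice@example.com:123456
adam@example.com:adam
anna@example.com:anna1985
bob@example.com:Bob!2009
bella@example.com:123456
bruno@example.com:qwerty
broken line without separator
ben@example.com:
"""

def parse(text):
    """Return unique (login, password) pairs; skip lines with no login or password."""
    pairs = set()
    for line in text.splitlines():
        login, sep, password = line.strip().partition(":")
        if sep and login and password:
            pairs.add((login.lower(), password))
    return sorted(pairs)

def charset(password):
    """Name the character classes a password uses, e.g. 'digits' or 'lower+digits'."""
    classes = [("lower", r"[a-z]"), ("upper", r"[A-Z]"),
               ("digits", r"[0-9]"), ("other", r"[^a-zA-Z0-9]")]
    return "+".join(name for name, rx in classes if re.search(rx, password))

def analyze(text, min_len=MIN_LEN, top=3):
    pairs = parse(text)
    policy = [(l, p) for l, p in pairs if len(p) >= min_len]
    return {
        "parsed": len(pairs),            # unique, well-formed entries
        "meets_policy": len(policy),     # entries at least min_len characters long
        "charsets": Counter(charset(p) for _, p in policy),
        "top": Counter(p for _, p in policy).most_common(top),
        # password equal to the mailbox name (part before '@')
        "login_as_password": sum(p.lower() == l.split("@")[0] for l, p in pairs),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(key, value)
```

The same counters make a useful input for a password deny-list: anything that shows up in the top entries or matches the login should be rejected at password-change time.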