450000 Nombres de usuario y contraseñas robadas de YAHOO

[cybdani]

Unos hackers consiguieron robar de las bases de datos 450000 nombres de usuario y sus contraseñas de YAHOO. Parte de esos datos se publicaron en un servidor.

Top 10 passwords

123456 = 1666 (0.38%)

password = 780 (0.18%)

welcome = 436 (0.1%)

ninja = 333 (0.08%)

abc123 = 250 (0.06%)

123456789 = 222 (0.05%)

12345678 = 208 (0.05%)

sunshine = 205 (0.05%)

princess = 202 (0.05%)

qwerty = 172 (0.04%)



Top 10 base words

password = 1373 (0.31%)

welcome = 534 (0.12%)

qwerty = 464 (0.1%)

monkey = 430 (0.1%)

jesus = 429 (0.1%)

love = 421 (0.1%)

money = 407 (0.09%)

freedom = 385 (0.09%)

ninja = 380 (0.09%)

writer = 367 (0.08%)



Password length (length ordered)

1 = 117 (0.03%)

2 = 70 (0.02%)

3 = 302 (0.07%)

4 = 2748 (0.62%)

5 = 5323 (1.2%)

6 = 79610 (17.98%)

7 = 65598 (14.82%)

8 = 119125 (26.9%)

9 = 65955 (14.9%)

10 = 54756 (12.37%)

11 = 21219 (4.79%)

12 = 21728 (4.91%)

13 = 2657 (0.6%)

14 = 1493 (0.34%)

15 = 837 (0.19%)

16 = 570 (0.13%)

17 = 263 (0.06%)

18 = 126 (0.03%)

19 = 89 (0.02%)

20 = 178 (0.04%)

21 = 11 (0.0%)

22 = 8 (0.0%)

23 = 3 (0.0%)

24 = 3 (0.0%)

27 = 2 (0.0%)

28 = 5 (0.0%)

29 = 3 (0.0%)

30 = 2 (0.0%)



Password length (count ordered)

8 = 119125 (26.9%)

6 = 79610 (17.98%)

9 = 65955 (14.9%)

7 = 65598 (14.82%)

10 = 54756 (12.37%)

12 = 21728 (4.91%)

11 = 21219 (4.79%)

5 = 5323 (1.2%)

4 = 2748 (0.62%)

13 = 2657 (0.6%)

14 = 1493 (0.34%)

15 = 837 (0.19%)

16 = 570 (0.13%)

3 = 302 (0.07%)

17 = 263 (0.06%)

20 = 178 (0.04%)

18 = 126 (0.03%)

1 = 117 (0.03%)

19 = 89 (0.02%)

2 = 70 (0.02%)

21 = 11 (0.0%)

22 = 8 (0.0%)

28 = 5 (0.0%)

29 = 3 (0.0%)

24 = 3 (0.0%)

23 = 3 (0.0%)

27 = 2 (0.0%)

30 = 2 (0.0%)

One to six characters = 88164 (19.91%)

One to eight characters = 272885 (61.63%)

More than eight characters = 169888 (38.37%)



Only lowercase alpha = 146486 (33.08%)

Only uppercase alpha = 1778 (0.4%)

Only alpha = 148264 (33.49%)

Only numeric = 26077 (5.89%)


First capital last symbol = 1259 (0.28%)

First capital last number = 17464 (3.94%)

Character sets

loweralphanum: 224071 (50.61%)

loweralpha: 146486 (33.08%)

numeric: 26077 (5.89%)

mixedalphanum: 23234 (5.25%)

loweralphaspecialnum: 6067 (1.37%)

mixedalpha: 5121 (1.16%)

upperalphanum: 3416 (0.77%)

mixedalphaspecialnum: 3340 (0.75%)

loweralphaspecial: 2079 (0.47%)

upperalpha: 1778 (0.4%)

mixedalphaspecial: 486 (0.11%)

upperalphaspecialnum: 222 (0.05%)

specialnum: 188 (0.04%)

upperalphaspecial: 46 (0.01%)

special: 16 (0.0%)



Character set ordering

stringdigit: 185299 (41.85%)

allstring: 153385 (34.64%)

alldigit: 26077 (5.89%)

othermask: 25115 (5.67%)

digitstring: 24960 (5.64%)

stringdigitstring: 18676 (4.22%)

digitstringdigit: 4648 (1.05%)

stringspecialdigit: 2359 (0.53%)

stringspecial: 1111 (0.25%)

stringspecialstring: 833 (0.19%)

specialstringspecial: 168 (0.04%)

specialstring: 126 (0.03%)

allspecial: 16 (0.0%)

Editado 13 de Julio del 2012 por cybdani

[cybdani]

ATENCION:

Cuidado! Se estan produciendo una serie de ataques en métodos de pago que tienen una protección altisima. Ya no hablo solo de yahoo. Os recomiendo no comprar nada por internet estos días.

Cambiar las contraseñas de todas vuestras cuentas. Incluso las de aquí.

Es muy grave el asunto así que tener cuidado a quien dais vuestra tarjeta. Ahora mismo la situación es crítica. Se esta trabajando en ello desde los zero day pero poca cosa se puede hacer cuando un sistema ha sido creado para tener agujeros.

[amartinezpipo]

Gracias por el aviso cybdani!

Un saludo!

[cybdani]

Sobretodo no tengáis el mismo pass en todas las cuentas. Cada cuenta que coincida con el mismo nombre de usuario un pass distinto.

Saludos!

[CLF]

joder, esto de internet...cada dia peor.

[funki]

Gracias Cybdani.