Statistics of the Hotmail phishing attack

Bogdan Calin from Acunetix examined the passwords published after the Hotmail phishing attack, came to several conclusions and published some basic statistics.

The top 20 most common passwords from the list

1. 123456 – 64
2. 123456789 – 18
3. alejandra – 11
4. 111111 – 10
5. alberto – 9
6. tequiero – 9
7. alejandro – 9
8. 12345678 – 9
9. 1234567 – 8
10. estrella – 7
11. iloveyou – 7
12. daniel – 7
13. 000000 – 7
14. roberto – 7
15. 654321 – 6
16. bonita – 6
17. sebastian – 6
18. beatriz – 6
19. mariposa – 5
20. america – 5

Password length distribution

  • 1 chars – 2 – 0%
  • 2 chars – 4 – 0%
  • 3 chars – 4 – 0%
  • 4 chars – 31 – 0%
  • 5 chars – 49 – 1%
  • 6 chars – 1946 – 22%
  • 7 chars – 1254 – 14%
  • 8 chars – 1838 – 21%
  • 9 chars – 1091 – 12%
  • 10 chars – 772 – 9%
  • 11 chars – 527 – 6%
  • 12 chars – 431 – 5%
  • 13 chars – 290 – 3%
  • 14 chars – 219 – 2%
  • 15 chars – 157 – 2%
  • 16 chars – 190 – 2%
  • 17 chars – 56 – 1%
  • 18 chars – 17 – 0%
  • 19 chars – 7 – 0%
  • 20 chars – 14 – 0%
  • 21 chars – 10 – 0%
  • 22 chars – 8 – 0%
  • 23 chars – 3 – 0%
  • 24 chars – 3 – 0%
  • 25 chars – 3 – 0%
  • 26 chars – 0 – 0%
  • 27 chars – 3 – 0%
  • 28 chars – 0 – 0%
  • 29 chars – 1 – 0%
  • 30 chars – 1 – 0%

As you can see from the list above, most of the passwords are between 6 and 9 characters long with the average password length of 8 characters.




Share this