453,000 Yahoo Passwords Hacked? What is Wrong with Them and Us?


Okay, I believe most of us have already read or heard the news: over 453,000 Yahoo accounts have been hacked by the D33ds Company group. If you haven't heard about it, Google it now. Pastebin dump: http://pastebin.com/QaDsh7NN

Image from securitybydefault.com 



But there are two things that are really mind-boggling about the hack:

1) The dumped MySQL tables reveal that the passwords were stored in f***ing plaintext!
2) Only 342,478 of the passwords are unique!!!

First, why on earth does a large tech company like Yahoo! store passwords without hashing them? Seriously, why??? Isn't proper password storage (a salted, deliberately slow hash such as bcrypt; not plaintext, and not reversible encryption either) part of Database 101? This news leaves me speechless.

And then, over 100,000 of the passwords are not unique? Wow... By the numbers above that is roughly a quarter of the users, and every one of them should be given a wake-up call.

Okay, let's see the top 10 passwords from the Yahoo hack:


  1. 123456 = 1666 (0.38%)
  2. password = 780 (0.18%)
  3. welcome = 436 (0.1%)
  4. ninja = 333 (0.08%)
  5. abc123 = 250 (0.06%)
  6. 123456789 = 222 (0.05%)
  7. 12345678 = 208 (0.05%)
  8. sunshine = 205 (0.05%)
  9. princess = 202 (0.05%)
  10. qwerty = 172 (0.04%)


Here are the top 10 base words from the Yahoo hack:


  1. password = 1373 (0.31%)
  2. welcome = 534 (0.12%)
  3. qwerty = 464 (0.1%)
  4. monkey = 430 (0.1%)
  5. jesus = 429 (0.1%)
  6. love = 421 (0.1%)
  7. money = 407 (0.09%)
  8. freedom = 385 (0.09%)
  9. ninja = 380 (0.09%)
  10. writer = 367 (0.08%)


What 'base word' means (for those who can't figure it out) is that many passwords are variations of the same underlying word. For example:

fr33d0m ; FrEeDoM ; freedom123 ; freeDOM007 ; freedoom ; etc... are all based on 'freedom'.
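As an added example (not code from the original post), here is a small Python script that does the kind of grouping the post describes: it reduces each password to a base word by lower-casing it, stripping leading and trailing digits and symbols, and undoing common leet-speak substitutions, then counts the top passwords and the top base words the way the two tables above do. The password list is constructed for illustration, the leet table and the normalisation rules are my assumptions, and a simple normaliser like this will not catch misspellings such as 'freedoom'.

```python
import re
from collections import Counter

# Constructed sample of plaintext passwords, one per line, standing in for a
# leaked table column (this is not the Yahoo data).
SAMPLE_PASSWORDS = """\
123456
password
fr33d0m
FrEeDoM
freedom123
freeDOM007
freedoom
Password1
p@ssw0rd
123456
welcome
w3lcome!
ninja
NINJA2012
sunshine
qwerty
""".splitlines()

# Assumed reverse leet-speak table: characters people swap in for letters.
# '1' is ambiguous (i or l); 'i' is chosen here.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def base_word(password: str) -> str:
    """Reduce a password to the dictionary word it is built on."""
    pw = password.lower()
    if not re.search(r"[a-z]", pw):
        return pw  # purely numeric/symbolic, e.g. 123456: nothing to normalise
    pw = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw)  # strip affixes: freedom123 -> freedom
    pw = pw.translate(UNLEET)                  # undo leet-speak: fr33d0m -> freedom
    return re.sub(r"[^a-z]", "", pw)           # drop any leftover non-letters


def top_passwords(passwords, n=10):
    """Most common exact passwords with their share of the dump (first table above)."""
    total = len(passwords)
    return [(p, c, round(100 * c / total, 2))
            for p, c in Counter(passwords).most_common(n)]


def top_base_words(passwords, n=10):
    """Most common base words with their share of the dump (second table above)."""
    total = len(passwords)
    counts = Counter(base_word(p) for p in passwords)
    return [(w, c, round(100 * c / total, 2)) for w, c in counts.most_common(n)]


if __name__ == "__main__":
    print("Top passwords:")
    for rank, (p, c, pct) in enumerate(top_passwords(SAMPLE_PASSWORDS, 5), 1):
        print(f"  {rank}. {p} = {c} ({pct}%)")
    print("Top base words:")
    for rank, (w, c, pct) in enumerate(top_base_words(SAMPLE_PASSWORDS, 5), 1):
        print(f"  {rank}. {w} = {c} ({pct}%)")
```

To run it over a real dump, replace `SAMPLE_PASSWORDS` with the password column read from the file, one entry per line; the percentages come out in the same form as the post's tables.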


And take a look at all these passwords (and base words). Even if they had been hashed instead of stored in plaintext, how long do you think it would take a hacker to crack them? A decent password dictionary plus a few mangling rules (digits on the end, leet-speak, capitalisation) would recover every one of those hashes in no time. A salted, deliberately slow hash would make the attacker pay for every guess on every account, but it still would not save '123456'.
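To make that concrete, here is an added Python example (not from the original post) that stores a constructed list of weak passwords two ways and runs the same small dictionary with mangling rules (case changes, leet-speak, common suffixes) against both: unsalted SHA-1, where one hash computation can be checked against every user at once, and per-user salted PBKDF2, where every guess must be recomputed for every user and each computation is deliberately slow. The plaintexts, the wordlist (seeded from the base words above), the leet table and the suffix list are all my assumptions, and the PBKDF2 iteration count is kept far below a production setting so the example finishes quickly. The weak passwords fall either way; only the random-looking one survives.

```python
import hashlib
import itertools
import os

# Constructed sample plaintexts standing in for a leaked column (not the Yahoo data).
# The last one is the kind of random-looking password that should survive the attack.
LEAKED_PLAINTEXTS = ["123456", "password", "Welcome1", "fr33d0m",
                     "ninja2012", "Princess!", "Hy1238jFD5ank73@hg*"]

# Tiny assumed wordlist built from the post's base words; a real run would use a
# full dictionary (or the plaintext dump itself).
WORDLIST = ["password", "welcome", "qwerty", "monkey", "jesus", "love",
            "money", "freedom", "ninja", "writer", "princess", "123456"]

LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = ["", "1", "123", "!", "2012", "007"]


def mangle(word):
    """Yield the common variations of one base word: case changes, leet-speak, suffixes."""
    forms = {word, word.capitalize(), word.upper(), word.translate(LEET)}
    for form, suffix in itertools.product(sorted(forms), SUFFIXES):
        yield form + suffix


def candidates(wordlist):
    for word in wordlist:
        yield from mangle(word)


def sha1_hex(password: str) -> str:
    """The unsalted, fast hash a careless site stores (do not do this)."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_unsalted_sha1(stored_hashes, wordlist):
    """Unsalted: each candidate is hashed once and looked up against all users at once."""
    targets = set(stored_hashes)
    found, attempts = {}, 0
    for cand in candidates(wordlist):
        attempts += 1
        digest = sha1_hex(cand)
        if digest in targets:
            found[digest] = cand
    return found, attempts


def store_salted(plaintexts, iterations=1000):
    """Per-user random salt plus a slow KDF. The iteration count is deliberately low
    here so the example runs fast; production needs a far higher work factor."""
    records = []
    for pw in plaintexts:
        salt = os.urandom(16)
        records.append((salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)))
    return records


def crack_salted(records, wordlist, iterations=1000):
    """Salted: the whole candidate list is re-hashed for every user, slowly each time."""
    found, attempts = {}, 0
    for index, (salt, digest) in enumerate(records):
        for cand in candidates(wordlist):
            attempts += 1
            if hashlib.pbkdf2_hmac("sha256", cand.encode(), salt, iterations) == digest:
                found[index] = cand
                break
    return found, attempts


if __name__ == "__main__":
    hashes = [sha1_hex(p) for p in LEAKED_PLAINTEXTS]
    found, attempts = crack_unsalted_sha1(hashes, WORDLIST)
    print(f"unsalted SHA-1: {len(found)}/{len(hashes)} cracked in {attempts} hash computations")
    found_s, attempts_s = crack_salted(store_salted(LEAKED_PLAINTEXTS), WORDLIST)
    print(f"salted PBKDF2:  {len(found_s)}/{len(hashes)} cracked in {attempts_s} slow computations")
```

The point to take from the two counters is that salting removes the one-hash-checks-everyone shortcut and the slow KDF multiplies the cost of each remaining guess, which is what turns a dump of 453,000 hashes from an afternoon's work into a real expense; it does nothing for accounts whose password is in the first few lines of any wordlist.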

So, what I'm trying to say here is... Choose your passwords wisely, and use a different one for every site: a dump like this one gets replayed against every other service the same e-mail address is registered on. Make each password uniquely yours and only yours. Initials, nicknames, ID numbers, birthdays and anniversaries are exactly what an attacker tries first, so on their own they are not enough; mesh them and scramble them together until the result looks more like this: Hy1238jFD5ank73@hg* . Now that is one tough nut to crack.





2 comments:

  • TOPX says:

    Do you happen to have a copy of the whole dump file?
    That Pastebin link does not have it any more.
