Phished or not, leaked passwords show lazy habits
It's still unclear exactly how 20,000 passwords discovered on the Web recently were stolen, but the finding reveals much in the way of people's password habits: some of us are lazy.
Several lists of passwords from Hotmail, Gmail, Yahoo Mail, and other accounts were discovered and reported on earlier in the week. While, Microsoft, Google, and Yahoo are blaming phishing, a researcher at ScanSafe thinks password-stealing malware on computers could be the culprit, which would mean that more than just the Web e-mail accounts may have been compromised.
Security researcher Bogdan Calin did a statistical analysis of the list of more than 10,000 Windows Live Hotmail passwords and wrote about his findings on the Acunetix blog. He discovered that the most common password was "123456," used for 64 of the passwords. In second place was "123456789," used for 18 of them. Also, 42 percent of the passwords used only lower case letters.