The link htttps://d33ds.co/archive/yahoo-disclosure.txt now seems to be over capacity and will not open, but below is a summary of the hacked accounts:
Total entries = 442773
Total unique entries = 342478
Top 10 passwords
123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)
Top 10 base words
password = 1373 (0.31%)
welcome = 534 (0.12%)
qwerty = 464 (0.1%)
monkey = 430 (0.1%)
jesus = 429 (0.1%)
love = 421 (0.1%)
money = 407 (0.09%)
freedom = 385 (0.09%)
ninja = 380 (0.09%)
writer = 367 (0.08%)
Full statistics available on Pastebin.
I also checked the frequency of the various domains used for e-mail addresses:
137556 yahoo.com
106869 gmail.com
55147 hotmail.com
25520 aol.com
8536 comcast.net
6395 msn.com
5193 sbcglobal.net
4313 live.com
3029 verizon.net
2847 bellsouth.net
2260 cox.net
2133 yahoo.co.in
2077 ymail.com
2028 hotmail.co.uk
1943 earthlink.net
1828 yahoo.co.uk
1611 aim.com
1436 charter.net
1372 att.net
1146 mac.com
1131 rediffmail.com
1124 googlemail.com
1053 rocketmail.com
928 juno.com
853 optonline.net
810 yahoo.ca
572 peoplepc.com
546 mail.com
536 excite.com
453 netzero.com
433 netzero.net
419 embarqmail.com
400 yahoo.co.id
367 live.co.uk
344 insightbb.com
342 shaw.ca
339 windstream.net
336 inbox.com
336 btinternet.com
322 tampabay.rr.com
321 lycos.com
316 mchsi.com
313 yahoo.com.au
307 netscape.net
302 roadrunner.com
299 gmx.com
298 myway.com
1870 .edu
93 .gov
81 .mil
The attackers said that they managed to access the subdomain by leveraging a union-based SQL injection attack, which made the site return more information than it should have.
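The flaw class named above, as an added example that is not code from the affected site or from the original post: a query built by string concatenation beside its parameterized form, run against a constructed in-memory SQLite database. The table names, function names and sample input are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one public table and one table that
    # the lookup page is never supposed to expose.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER, title TEXT);
        CREATE TABLE users (email TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 'Hello world');
        INSERT INTO users VALUES ('alice@example.com', 'constructed-secret');
    """)
    return db

def lookup_vulnerable(db, article_id):
    # The request value is pasted into the SQL text, so whatever it
    # contains is parsed as part of the statement itself.
    sql = "SELECT id, title FROM articles WHERE id = " + article_id
    return db.execute(sql).fetchall()

def lookup_parameterized(db, article_id):
    # The value is bound to a placeholder: it is compared as data and
    # can never add clauses to the statement.
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return db.execute(sql, (article_id,)).fetchall()

# Constructed input of the union-based kind: it appends a second SELECT
# with the same column count, so rows from another table ride along in
# the page's normal result set.
UNION_INPUT = "0 UNION SELECT email, password FROM users"

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable),
                     ("parameterized", lookup_parameterized)):
        print(name, "normal:", fn(db, "1"))
        print(name, "union :", fn(db, UNION_INPUT))
```

With the concatenated query the second input returns the `users` row through the article lookup; with the bound parameter the same input matches nothing.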