Primitive passwords are still trending: what did the analysis of 5 billion compromised accounts show?

What are users thinking when they choose childish passwords? Apparently, the goal is to make life easier for hackers.

Over the past year, specialists at DLBI (Data Leak & Breach Intelligence), a Russian service for studying data leaks and monitoring the darknet, studied 44 million new accounts, bringing the total number of analyzed accounts to 5.52 billion. The new study focuses on passwords. Since 2017, the total volume of analyzed accounts, including duplicates, has reached 36.6 billion, of which about 200 million were added in the last year alone.

Various sources were used to collect the data, including password-hash recovery communities, shadow forums, and Telegram channels that publish data from mass leaks. An important part of the process is cleaning the data of duplicates and garbage, as well as excluding automatically generated passwords and accounts created by bots. In addition, Cyrillic characters were converted to a standard encoding for easier analysis.

Among the most significant leaks of 2023 included in the study were data from the game server lsbg.net (23 million accounts), the analytical company zacks.com (16 million), the medical laboratories helix.ru (13 million), the North American mobile parking payment app parkmobile.us (12 million) and the microloan matching service qzaem.ru (10 million).

The study found that among all passwords:
  • More than 5.5 billion are unique passwords, most of which consist of numbers, letters, Cyrillic characters, as well as combinations of letters, numbers, and special characters;
  • More than 3.5 billion passwords contained 8 or more characters, and more than 915 million contained more than 10 characters.
In the top 25 most popular passwords of all time, there were no major changes. "123456" remains in first place. And here are the 10 most popular passwords from leaks in 2023 alone:
  1. 123456
  2. 123456789
  3. 1000000
  4. 12345678
  5. 12345
  6. 123123
  7. 1234567890
  8. 123123qwe
  9. qwerty
  10. Qwerty123
Passwords for the .ru and .com domain zones were considered in a separate category (Russian Federation), where "123456" also took first place. The analysis showed that users of these domain zones often use simple and easily guessed passwords.

Top 10 most popular ru zone passwords for 2023:
  1. 123456
  2. 123456789
  3. 1000000
  4. 12345678
  5. 12345
  6. 123123
  7. 12345zz
  8. qwerty
  9. Qwerty123
  10. 1234567890
Top 10 most popular passwords with only letters:
  1. qwerty
  2. password
  3. qwertyuiop
  4. zxcvbnm
  5. iloveyou
  6. asdasd
  7. qazwsx
  8. asdfghjkl
  9. dragon
  10. monkey
Top 10 most popular passwords with letters, numbers, and special characters:
  1. 1qaz@WSX
  2. P@ssw0rd
  3. p@ssw0rd
  4. pass@123
  5. 1qaz!QAZ
  6. !QAZ2wsx
  7. Password1!
  8. !QAZ1qaz
  9. Pass@123
  10. abc123!
Top 10 most popular Cyrillic passwords:
  1. ytsuken
  2. password
  3. love
  4. hi
  5. Natasha
  6. maksim
  7. marina
  8. love
  9. Andrey
  10. kristina
In addition to passwords, the email domains used as logins were also analyzed. The leading domains here are gmail.com and mail.ru. Among the names most commonly used in logins, "info" and "admin" are the most popular.

The study highlights the need to strengthen security measures and use more complex passwords, given that many users still rely on simple and easily guessed combinations.

In January last year, DLBI said that in 2022, the data of 75% of Russian citizens ended up on the Internet due to leaks. As noted in the DLBI report, most of the leaks contained users' contact details, passwords, and information about the use of various Internet services.
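The mixed-character top 10 above consists of passwords that satisfy a typical "upper, lower, digit, symbol" rule yet are among the most leaked. The following is an added example, not code from DLBI or the original post, contrasting such a composition rule with a blocklist check that also catches trivial variants. The blocklist is constructed from entries quoted on this page, and the normalisation rules and function names are assumptions.

```python
import re

# Constructed blocklist: entries copied from the top-10 lists quoted on this page.
# A real deployment would load a much larger leaked-password corpus (assumption).
LEAKED = [
    "123456", "123456789", "12345678", "qwerty", "Qwerty123", "password",
    "qwertyuiop", "zxcvbnm", "iloveyou", "asdasd", "qazwsx", "asdfghjkl",
    "dragon", "monkey", "1qaz@WSX", "P@ssw0rd", "p@ssw0rd", "pass@123",
    "1qaz!QAZ", "!QAZ2wsx", "Password1!", "!QAZ1qaz", "Pass@123", "abc123!",
]

# Hypothetical, minimal map of common character substitutions.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "!": "i"})


def canonical(pw: str) -> str:
    """Fold case, drop a trailing digit/symbol suffix, undo substitutions."""
    lower = pw.lower()
    stem = re.sub(r"[\d\W_]+$", "", lower)
    if len(stem) < 4:  # mostly numeric or very short: keep the suffix
        stem = lower
    return stem.translate(LEET)


CANON = {canonical(p) for p in LEAKED}


def meets_composition(pw: str) -> bool:
    """Classic rule: 8+ chars with lower, upper, digit and symbol."""
    return (len(pw) >= 8
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def is_blocklisted(pw: str) -> bool:
    """True if the password, or a trivial variant of it, is on the list."""
    return canonical(pw) in CANON


if __name__ == "__main__":
    for pw in ["1qaz@WSX", "P@ssw0rd", "Password1!", "P@ssw0rd2024!",
               "correct horse battery staple"]:
        print(f"{pw!r:32} composition={meets_composition(pw)} "
              f"blocklisted={is_blocklisted(pw)}")
```

The composition rule accepts every leaked entry tested and rejects the long passphrase, while the blocklist check does the opposite.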
 