Analysis of Passwords Dumped from LinkedIn

Monday, June 11, 2012

Dan Dieterle


I love taking a look at dumped passwords and analyzing them with Pipal by DigiNinja.

Pipal is a great analytical program that takes a password dump and looks for patterns, including password lengths and complexities.

I have always liked statistics and you can learn a lot from running passwords through Pipal.

I took a quick look at Pastebin and found that Stefan Venken (@StefanVenken) had already taken almost a million and a half of the LinkedIn passwords and analyzed them with Pipal.

Here are some of the more interesting results:

Password length (length ordered)

  1. 6 = 281193 (20.75%)
  2. 7 = 211946 (15.64%)
  3. 8 = 444338 (32.79%)

In this portion of the cracked passwords, 8-character passwords were the most commonly used: 444,338 users chose passwords that were 8 characters long.

In fact, a whopping 69% of the passwords that were cracked were 8 characters or fewer…

30% of the cracked passwords used only lowercase letters, while 45% of the passwords contained just lowercase letters and numbers.

And from the statistics, it looks like almost all of these were in the format of lowercase letters followed by one or more numbers, with the numbers always being at the end.

Overall, only 1% of the users used passwords that were made up of mixed case letters, numbers and symbols…
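The statistics quoted above (length distribution, character-set classes, and the lowercase-letters-then-trailing-digits pattern) computed in Python as an added example. This is not Pipal's code or its output; the class definitions and function names are this example's own assumptions, and the sample list is constructed.

```python
import re
from collections import Counter

# Constructed sample list (not taken from the dump); a real audit loads its own set.
SAMPLE = [
    "123456", "1234567", "12345678", "password", "strongpassword",
    "linkedin", "monkey", "monkey12", "dragon99", "summer2012",
    "Linked1n!", "qwerty", "Tr0ub4dor&3", "abc123", "letmein1",
]

# Lowercase letters followed by one or more digits, with digits only at the end.
LETTERS_THEN_DIGITS = re.compile(r"[a-z]+[0-9]+")

def charset_class(pw):
    """Assign a password to exactly one class (this example's own classes)."""
    if re.fullmatch(r"[a-z]+", pw):
        return "lower only"
    if re.fullmatch(r"[0-9]+", pw):
        return "digits only"
    if re.fullmatch(r"[a-z0-9]+", pw):
        return "lower + digits"
    kinds = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if all(re.search(k, pw) for k in kinds):
        return "mixed case + digits + symbols"
    return "other"

def analyze(passwords):
    """Return counts for length, class and the trailing-digits pattern."""
    return {
        "total": len(passwords),
        "lengths": Counter(len(p) for p in passwords),
        "classes": Counter(charset_class(p) for p in passwords),
        "eight_or_fewer": sum(len(p) <= 8 for p in passwords),
        "letters_then_digits": sum(
            bool(LETTERS_THEN_DIGITS.fullmatch(p)) for p in passwords),
    }

def report(stats):
    """Format the counts as 'label = count (percent)' lines, length ordered."""
    pct = lambda n: f"{n} ({100 * n / stats['total']:.2f}%)"
    lines = [f"{k} = {pct(v)}" for k, v in sorted(stats["lengths"].items())]
    lines += [f"{k} = {pct(v)}" for k, v in stats["classes"].most_common()]
    lines.append(f"8 characters or fewer = {pct(stats['eight_or_fewer'])}")
    lines.append(f"letters then digits = {pct(stats['letters_then_digits'])}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(analyze(SAMPLE))))
```

Because each password lands in exactly one class here, the class percentages sum to 100%, which makes it easy to compare one audit set against another.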

And according to an article on Ars Technica, all of the normal bad passwords were present, including:

  • 123456
  • 1234567
  • 12345678
  • password
  • strongpassword
  • And of course, linkedin

People put a lot of personal information out on LinkedIn. Many do so in looking for a new job or business opportunities. Users post their education and job experience along with the groups that they belong to.

That is a treasure trove of information for social engineers. It would seem that, of all the online social sites, LinkedIn is the one where users would really choose a long, complex password to secure their account.

But as every one of the top bad passwords of 2011 was found in the dump, it truly makes one wonder – what in the world is people’s fascination with the password “monkey”???

Cross-posted from Cyber Arms

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
