The “Collection #1” data breach could also have a positive effect on cyber security. Marco Ramilli of Yoroi, analyzing it, answered three questions that could lead to a better understanding of users' behaviours and improve their protection against cyber threats.
The case of the “Collection #1” data breach, published by Troy Hunt (773 million new records), also had a positive effect. It led cyber security experts to pose some questions and give answers. By analyzing it, in fact, it is possible to learn a lot about how the web experience is changing from the users' point of view, and consequently about the threats and weaknesses that could be exploited by bad actors to launch cyber attacks. Marco Ramilli, white-hat hacker and founder of Yoroi, downloaded a copy of the database, considered the biggest leaked compilation in history. He studied it and answered three questions useful for better protecting systems against cyber attacks: 1) “What are the most used passwords?”; 2) “What are the domain names of the most leaked emails?”; 3) “What sources is the data coming from?”.
What are the most used passwords?
“So far the most used passwords are: ‘123456’, ‘q1w2e3r4t5y6’, ‘123456789’, ‘1qaz2wsx3edc’, followed by most common passwords like ‘12345678’ and ‘qwerty’,” the cyber security expert noted in a post on his blog. “By observing the current graph and comparing it to common research on frequently used passwords, we might appreciate a significative difference: the pattern complexity! In fact, while years ago the most used passwords were about names, dates or simple patterns such as ‘qwerty’, today we observe a significative increase in pattern complexity, but still too easy to be brute-forced”.
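The passwords quoted above look more complex than “qwerty” but are still keyboard walks, which is why they remain easy to brute-force. The following sketch is an added example, not code from Ramilli's post or from this article: it scores a candidate password by the share of consecutive characters that are neighbouring keys, as a password-policy check might. The grid layout, the function names and the 0.75 threshold are assumptions.

```python
# Added example: flag passwords that are keyboard walks on a QWERTY layout.
# Simplification (assumption): keys sit on a plain grid, ignoring row stagger,
# and shifted symbols are not mapped.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a: str, b: str) -> bool:
    """True if b is the same key as a or one of its grid neighbours."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    return max(abs(r1 - r2), abs(c1 - c2)) <= 1


def walk_ratio(password: str) -> float:
    """Fraction of consecutive character pairs that are keyboard neighbours."""
    pw = password.lower()
    pairs = list(zip(pw, pw[1:]))
    if not pairs:
        return 0.0
    return sum(adjacent(a, b) for a, b in pairs) / len(pairs)


def is_keyboard_walk(password: str, threshold: float = 0.75) -> bool:
    """Policy check: reject when most transitions follow the keyboard."""
    return walk_ratio(password) >= threshold


if __name__ == "__main__":
    # The six passwords quoted in the article, plus two constructed ones
    # (the last two) that do not follow the keyboard.
    samples = ["123456", "q1w2e3r4t5y6", "123456789", "1qaz2wsx3edc",
               "12345678", "qwerty", "tr0ub4dor&3", "Vk7#pLw2"]
    for pw in samples:
        verdict = "reject" if is_keyboard_walk(pw) else "pass"
        print(f"{pw:<14} ratio={walk_ratio(pw):.2f} {verdict}")
```

A “pass” here only means the string is not a keyboard walk; it says nothing about dictionary words or reuse, which need separate checks.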
What are the domain names of the most leaked emails?
About the “Collection #1” data breach, the domain names of the most leaked emails “are not the most vulnerable but rather the most used ones,” Ramilli continued. “I’m not saying that those domains are/or have been vulnerable or Pwned, but I am trying to find what are the most leaked email providers. In other words, if you receive an email from ‘@gmail.com’ what is the probability that it has been leaked and potentially compromised? Again I cannot answer such a question since I do not have the total amount of ‘@gmail.com’ accounts all around the world, but I think it might be a nice indicator to find out what are the most leaked email domain names”. However, “the most leaked emails come from ‘yahoo.com’, ‘gmail.com’, ‘aol.com’ and ‘hotmail.com’. This is quite interesting since we are mostly facing personal email providers (domains) rather than professional email providers (such as company.com). So apparently, attackers are mostly focused on targeting people rather than companies (maybe attacking not professional websites and/or distributing malware to people rather than companies' domain names). Another interesting piece of data to know is about the unique leaked email domain names: 4426, so far!”.
What sources is the data coming from?
On the last question about the data breach, Ramilli explained: “I made some deductions from the leaked data structure. Each folder holds .TXT files which have names that look like domain names. Some of those are really domain names (tested), some others are on sale right now, and many others seem to just look like a domain, but I had no evidence of them,” the cyber security expert reports. “Anyway I decided to assume that the file names looking like domain names are the domain from which the attacker leaked information. So, having such in mind we might deduce where the attacker extracted the data (username and passwords) and perform a personal evaluation about the leaked information”.
Photo Credits: Troy Hunt