Gmail, AOL and Yahoo logins posted online; weak passwords
Charles Arthur of The Guardian suggests that the leaked email passwords may affect even more people than previously suggested:
More than a quarter of a million email accounts on the biggest webmail services are believed to be at risk from online criminals after thousands of passwords belonging to users of the Yahoo, AOL and Gmail services were posted online.
The breach, likely to be the accumulation of a number of separate phishing attacks using fake sites to lure people to leave login details, is believed to be one of the biggest of its kind.
The numbers are estimates based on extrapolating from the percent of Hotmail users whose information was leaked.
Meanwhile, Robert McMillan of IDG News Service reports that a security research found that not unexpectedly, many people were using simple passwords:
That’s according to Bogdan Calin, a security researcher who got hold of 10,000 stolen Windows Live Hotmail usernames and passwords that were posted to the Web site PasteBin late last week.[…]
After taking a look at the passwords, the security researcher found that two very weak passwords — 123456 and 123456789 — were the most common ones used by the victims. Of the 9,843 valid passwords he found, 82 of them used one of these two combinations. 12345678, 1234567 and 111111 also made the top 10 most common passwords.
Although weak passwords are probably not the cause of the problem, which has been tentatively attributed to phishing schemes, Calin’s analysis suggests that there are still many people who do not use strong passwords and/or who may have left accounts inactive without ever closing them. Given that so many people re-use the same login/pass combination, the leaked data suggest that this would be a good time for people to change their login/pass for current accounts and to use distinct combinations for each account.