Stolen Hotmail Data Finds Simple Passwords

Status
Not open for further replies.

samely

Distinguished
Jun 5, 2009
62
0
18,630
[citation][nom]JasonAkkerman[/nom]Whats up with all the Hispanic names?[/citation]
"The other half of the list is made up of names alejandra, alberto, and alejandro, which lead Calin to believe that the passwords were stolen by a phishing kit targeting Latinos."
 

Ethuus

Distinguished
Feb 23, 2008
6
0
18,510
So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
 

koga73

Distinguished
Jan 23, 2008
405
0
18,780
A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. Its not prone to dictionary attack or brute-force (well, itd take a long time). And all of my passwords are different so if one is comprimised the rest arn't.
 

Platypus

Distinguished
Apr 22, 2009
235
0
18,680
[citation][nom]koga73[/nom]A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. Its not prone to dictionary attack or brute-force (well, itd take a long time). And all of my passwords are different so if one is comprimised the rest arn't.[/citation]Want a cookie for remembering them all? (Pun intended)
 

thatcrazyguy

Distinguished
Aug 5, 2009
5
0
18,510
[citation][nom]JasonAkkerman[/nom]Whats up with all the Hispanic names?[/citation]
Well the researcher suggests that this phishing scam targeted Hispanics. Although I am still trying to figure out how and why a phisher would target a specific group of people rather than as many people as possible.
 
G

Guest

Guest
I am able to create and manage strong unique password because I use a good password manager(it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.
 

randomizer

Champion
Moderator
[citation][nom]TheresaC[/nom]I am able to create and manage strong unique password because I use a good password manager(it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.[/citation]
Wait... you give all of your passwords to one website?
 

athreex

Distinguished
Dec 10, 2008
204
0
18,680
[citation][nom]randomizer[/nom]Wait... you give all of your passwords to one website?[/citation]

haha !!

He/She will tell you ( oh yeah they have security/encryption and they don't see anything and agreements blah, blah blah) In the end, yeah you're giving your password to some password management service.

Still, the article is true, (Puerto Rican here), i know a lot people that have simple passwords, I've taught my family to combine several characters with numbers in the moment of creating passwords. On the other hand, phishing kits like this are obviouly targeted at non tech savy folks.
 
G

Guest

Guest
Ethuus 10/08/2009 12:10 PM

So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!



Space Balls!!!!
 

Duncan_Idah0

Distinguished
May 29, 2008
6
0
18,510
Taking into account that it has been stated that most of the compromised email accounts were from Europe and that they were obtained with a pishing attack, I think it is quite obvious that it was a pishing attack in Spanish targeted at Spaniards... I mean not much sense sending an email in spanish pretending to be from hotmail staff to a britt or a dutch.
 

DominionSeraph

Distinguished
Oct 22, 2007
12
0
18,510
The simplicity of hotmail passwords alone says nothing. I have 3 hotmail accounts that all use 123456: Two I use as spam drops, and one is for screwing with scammers.

And now, with Freetoeveryone@live.com, I have four.
Oh noes! My security!
 

andyviant

Distinguished
Apr 21, 2009
35
0
18,530
[citation][nom]thatcrazyguy[/nom]Although I am still trying to figure out how and why a phisher would target a specific group of people rather than as many people as possible.[/citation]

Check out this page: http://www.internetworldstats.com/stats2.htm

Shows that internet usage among central and south american countries has skyrocketed ~900% since 2000. That means (assuming the majority of those people speak spanish) that there a are a number of users in this demographic who are new to this and are likely to fall for phishing scams that more experienced users (I'll give some of us credit) would not be fooled by.

And a more simple answer to your question: the phisher spoke spanish -- not english. Since phishing scams rely on convincing language use, even if he knows a bit of english it may not be enough to make you think he's google/microsoft doing a password reset.
 
Status
Not open for further replies.