Statistics about the leaked Gmail, Yandex, Mail.ru passwords

Around 10 million email addresses and passwords were recently leaked on a Russian Bitcoin forum. Many websites report about 5 million Gmail accounts the leak includes also accounts from 2 popular russian mail providers (Yandex and Mail.ru). The leak contains the following:

  • ~5 million Gmail email addresses and passwords
  • ~4 million Mail.ru email addresses and passwords
  • ~1 million Yandex email addresses and passwords

We’ve created a page where you can check if your email address was compromised.

After analyzing the leaked passwords it looks like these passwords are mostly old (around 2010 and older) and originating from various sources.

I thought it would be interesting to compare the passwords used on Russian sites, and those used on Gmail, which is predominantly English. Here are the results:

Statistic Gmail Russian mail providers
Top 10 passwords 123456 = 0.97%
password = 0.23%
123456789 = 0.23%
12345 = 0.16%
qwerty = 0.12%
12345678 = 0.11%
111111 = 0.07%
123123 = 0.06%
abc123 = 0.06%
1234567 = 0.06%
123456 = 1.84%
qwerty = 1.7%
123456789 = 0.5%
111111 = 0.34%
qwertyuiop = 0.24%
1234567890 = 0.2%
klaster = 0.18%
1234567 = 0.17%
qwe123 = 0.16%
7777777 = 0.16%
Top 10 base words password = 0.36%
qwerty = 0.23%
love = 0.07%
monkey = 0.06%
dragon = 0.06%
hello = 0.06%
iloveyou = 0.06%
qazwsx = 0.05%
july = 0.05%
abcd = 0.04%
qwerty = 1.94%
qwertyuiop = 0.25%
klaster = 0.18%
qwer = 0.17%
qazwsx = 0.12%
gfhjkm = 0.12%
mama = 0.12%
dima = 0.11%
qaz2wsx = 0.11%
alex = 0.1%
Password length One to six characters = 22.88%
One to eight characters = 65.27%
More than eight characters = 34.73%
One to six characters = 27.19%
One to eight characters = 65.46%
More than eight characters = 34.54%
Password structure Only lowercase alpha = 40.03%
Only uppercase alpha = 0.0%
Only alpha = 40.03%
Only numeric = 15.8%
Single digit on the end = 8.04%
Two digits on the end = 11.4%
Three digits on the end = 6.23%
Only lowercase alpha = 21.49%
Only uppercase alpha = 0.27%
Only alpha = 21.76%
Only numeric = 30.99%
Single digit on the end = 3.29%
Two digits on the end = 5.55%
Three digits on the end = 3.68%
Years (Top 10) 2010 = 0.21%
2009 = 0.19%
1987 = 0.17%
2008 = 0.16%
1986 = 0.15%
1985 = 0.15%
1988 = 0.15%
1984 = 0.15%
1989 = 0.14%
2000 = 0.14%
1987 = 0.6%
2010 = 0.57%
1988 = 0.57%
1986 = 0.56%
1991 = 0.56%
1989 = 0.56%
1990 = 0.56%
1985 = 0.54%
1992 = 0.51%
1984 = 0.49%

The Years (Top 10) statistic clearly indicate that the passwords have been collected round about 2010 or before. It also seems that Russians seems to prefer passwords composed of numbers (check the Password structure data – Only numeric). In this case, Gmail passwords are split between Only lowercase alpha and Only alpha. So, for some (unknown to me) reason many Russians chose passwords composed of numbers (maybe they are using something like their social security number?).

Share this post
  • i cannot understand, why top 10 years totally are less than 2%. Where is the other 98% and why 98% is not in the TOP?

    • Hi,

      The % shown for the Top 10 years is a percentage of all the passwords in the list. So the other 98.4% is equal to the other passwords in the list. It is also interesting that 1.6% chose a year from the last 20 years as their password.

  • Leave a Reply

    Your email address will not be published.