Around 10 million email addresses and passwords were recently leaked on a Russian Bitcoin forum. Many websites report about 5 million Gmail accounts, but the leak also includes accounts from 2 popular Russian mail providers (Yandex and Mail.ru). The leak contains the following:

  • ~5 million Gmail email addresses and passwords
  • ~4 million Mail.ru email addresses and passwords
  • ~1 million Yandex email addresses and passwords

After analyzing the leaked passwords, it looks like they are mostly old (around 2010 and older) and originate from various sources.

I thought it would be interesting to compare the passwords used on Russian sites, and those used on Gmail, which is predominantly English. Here are the results:

| Statistic | Gmail | Russian mail providers |
|---|---|---|
| Top 10 passwords | 123456 = 0.97% | 123456 = 1.84% |
| | password = 0.23% | qwerty = 1.7% |
| | 123456789 = 0.23% | 123456789 = 0.5% |
| | 12345 = 0.16% | 111111 = 0.34% |
| | qwerty = 0.12% | qwertyuiop = 0.24% |
| | 12345678 = 0.11% | 1234567890 = 0.2% |
| | 111111 = 0.07% | klaster = 0.18% |
| | 123123 = 0.06% | 1234567 = 0.17% |
| | abc123 = 0.06% | qwe123 = 0.16% |
| | 1234567 = 0.06% | 7777777 = 0.16% |
| Top 10 base words | password = 0.36% | qwerty = 1.94% |
| | qwerty = 0.23% | qwertyuiop = 0.25% |
| | love = 0.07% | klaster = 0.18% |
| | monkey = 0.06% | qwer = 0.17% |
| | dragon = 0.06% | qazwsx = 0.12% |
| | hello = 0.06% | gfhjkm = 0.12% |
| | iloveyou = 0.06% | mama = 0.12% |
| | qazwsx = 0.05% | dima = 0.11% |
| | july = 0.05% | qaz2wsx = 0.11% |
| | abcd = 0.04% | alex = 0.1% |
| Password length | One to six characters = 22.88% | One to six characters = 27.19% |
| | One to eight characters = 65.27% | One to eight characters = 65.46% |
| | More than eight characters = 34.73% | More than eight characters = 34.54% |
| Password structure | Only lowercase alpha = 40.03% | Only lowercase alpha = 21.49% |
| | Only uppercase alpha = 0.0% | Only uppercase alpha = 0.27% |
| | Only alpha = 40.03% | Only alpha = 21.76% |
| | Only numeric = 15.8% | Only numeric = 30.99% |
| | Single digit on the end = 8.04% | Single digit on the end = 3.29% |
| | Two digits on the end = 11.4% | Two digits on the end = 5.55% |
| | Three digits on the end = 6.23% | Three digits on the end = 3.68% |
| Years (Top 10) | 2010 = 0.21% | 1987 = 0.6% |
| | 2009 = 0.19% | 2010 = 0.57% |
| | 1987 = 0.17% | 1988 = 0.57% |
| | 2008 = 0.16% | 1986 = 0.56% |
| | 1986 = 0.15% | 1991 = 0.56% |
| | 1985 = 0.15% | 1989 = 0.56% |
| | 1988 = 0.15% | 1990 = 0.56% |
| | 1984 = 0.15% | 1985 = 0.54% |
| | 1989 = 0.14% | 1992 = 0.51% |
| | 2000 = 0.14% | 1984 = 0.49% |

The Years (Top 10) statistic clearly indicates that the passwords were collected around 2010 or before. It also seems that Russians prefer passwords composed of numbers (check the Password structure data – Only numeric). In this case, Gmail passwords are split between Only lowercase alpha and Only alpha. So, for some reason (unknown to me), many Russians chose passwords composed of numbers (maybe they are using something like their social security number?).
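The same statistics can be computed over any password list, for example when auditing a credential dump during incident response or checking how well a password policy is working. The following is an added example, not the tooling used for this post: the sample list is constructed, and the base-word, trailing-digit and year definitions are assumptions, since the post does not define them.

```python
import re
from collections import Counter

# Constructed sample list, not taken from the leak.
SAMPLE = ["123456", "qwerty", "Password1", "monkey12", "dragon2010",
          "123456", "qwertyuiop", "iloveyou!", "1987", "abc123"]

# Assumed regex definitions for the table's "Password structure" rows.
STRUCTURE = {
    "Only lowercase alpha": re.compile(r"^[a-z]+$"),
    "Only uppercase alpha": re.compile(r"^[A-Z]+$"),
    "Only alpha": re.compile(r"^[A-Za-z]+$"),
    "Only numeric": re.compile(r"^[0-9]+$"),
    "Single digit on the end": re.compile(r"[^0-9][0-9]$"),
    "Two digits on the end": re.compile(r"[^0-9][0-9]{2}$"),
    "Three digits on the end": re.compile(r"[^0-9][0-9]{3}$"),
}
YEAR = re.compile(r"(?:19|20)[0-9]{2}")  # assumption: any 19xx/20xx substring

def pct(count, total):
    return round(100.0 * count / total, 2)

def base_word(pw):
    """Assumed definition: lowercase, trim non-letters at both ends, min 4 chars."""
    word = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return word if len(word) >= 4 else None

def analyze(passwords, top=10):
    total = len(passwords)
    if total == 0:
        raise ValueError("empty password list")
    lengths = [len(p) for p in passwords]
    bases = Counter(b for b in map(base_word, passwords) if b)
    years = Counter(y for p in passwords for y in YEAR.findall(p))
    ranked = lambda c: [(k, pct(n, total)) for k, n in c.most_common(top)]
    return {
        "top_passwords": ranked(Counter(passwords)),
        "top_base_words": ranked(bases),
        "length": {
            "One to six characters": pct(sum(n <= 6 for n in lengths), total),
            "One to eight characters": pct(sum(n <= 8 for n in lengths), total),
            "More than eight characters": pct(sum(n > 8 for n in lengths), total),
        },
        "structure": {name: pct(sum(1 for p in passwords if rx.search(p)), total)
                      for name, rx in STRUCTURE.items()},
        "years": ranked(years),
    }

if __name__ == "__main__":
    for section, values in analyze(SAMPLE).items():
        print(section, values)
```

The length buckets overlap in the same way as the table's rows: "One to eight characters" includes the "One to six characters" group.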

THE AUTHOR
Bogdan Calin