Legal disclaimer >>> The information on this site is intended to be used for legal and ethical purposes like research, education, journalism and educating the public. Our intention is to comply with any and all applicable laws. If you can provide legal advice, please let us know.

Contribute >>> Have new or missing information? See something wrong? Use the comment section at the bottom of all pages, email or Twitter.

Stay up to date >>> Follow us on Twitter.

Leaked passwords

This section is intended to contain statistics on passwords leaks that are interesting or can be useful in terms of password research. Leaks of a large number of plain text passwords are most interesting, but also hashed passwords where most of them have been cracked, or smaller leaks where the users/passwords fit a specific profile or niche can also be useful.

Western

Leak date Name Hash type Unique hashes Total hashes Hash uniqueness1) Unique (cracked) passwords Total (cracked) passwords Password uniqueness2) Unique crack rate3) Password analysis More information Comment
2012-07-11 Yahoo plaintext N/A N/A N/A 342508 442832 77.34 % 100 % Passpal The Telegraph report
2012-02-22 YouPorn plaintext N/A N/A N/A 833994 1566156 53.25 % 100 % Pipal Passpal nakedsecurity.sophos.com report Pipal dump based on a parse resulting in 3026016 total passwords. Passpal dump based on a parse resulting in 1566156 passwords.
2012-01-12 recreatief.nl SHA-1 27141 27502 98.69 % FIXME FIXME FIXME FIXME Pipal Passpal datalossdb.org entry
2011-12-24 Stratfor MD5 822666 860160 95.64 % 757150 856245 88.43 % 92.04 % Pipal Passpal Wikipedia on Stratfor leak
2011-12-22 hemmelig.com (Norwegian) MD5 22819 24559 92.92 % 22515 24289 92.70 % 98.67 % Pipal Passpal databreaches.net report cyberwarnews.info report
2011-07-11 Booz Allen Hamilton BASE64(SHA-1)? 141527 154219 91.77 % FIXME FIXME FIXME FIXME Pipal Passpal cnet report
2011-06-26 50 Days of Lulz: Battlefield Heroes Beta MD5 423710 548773 77.21 % FIXME FIXME FIXME FIXME Pipal Passpal Gizmodo report
2011-06-26 50 Days of Lulz: Nato Bookshop plaintext N/A N/A N/A 10411 11524 90.34 % 100 % Pipal Passpal Gizmodo report
2011-06-26 50 Days of Lulz: Random gaming forums MD5 33152 50852 65.19 % FIXME FIXME FIXME FIXME Pipal Passpal Gizmodo report
2011-02-06 rootkit.com MD5 58673 71222 82.38 % FIXME FIXME FIXME FIXME Pipal Passpal The Guardian report
2010-12-11 Gawker DES 743859 748091 99.43 % FIXME FIXME FIXME FIXME Pipal Passpal New York Times report Wikipedia on Gawker leak
2009-12-04 RockYou plaintext N/A N/A N/A 14344173 32603145 44.00 % 100 % Pipal Passpal Wikipedia on RockYou leak Removed 218 lines/unique passwords that were not valid UTF-8. A few lines seem to be HTML and other web scrapings, especially some of the longer lines, but this is hard to clean up automatically.
2009-01 phpBB MD5 FIXME FIXME FIXME 184389 255421 72.19 % 97 % (est.) Pipal Passpal Softpedia report Information based on cracked hashes only. Cracked by Brandon Enright.

Eastern

Leak date Name Hash type Unique hashes Total hashes Hash uniqueness4) Unique (cracked) passwords Total (cracked) passwords Password uniqueness5) Unique crack rate6) Password analysis More information Comment
2011-12 China Software Developer Network (CSDN) plaintext N/A N/A N/A 4037902 6428632 62.81 % 100 % Pipal Passpal China Daily report
2011-12 Zhenai.com plaintext N/A N/A N/A 3512538 5251038 66.89 % 100 % Pipal Passpal ZDNet report
2011-12 Renren.com plaintext N/A N/A N/A 2826611 4732799 59.72 % 100 % Pipal Passpal FIXME Passwords equal to 'NULL' was filtered out.
2011-12 7k7k.com plaintext N/A N/A N/A 2120654 6541991 32.42 % 100 % Pipal Passpal ZDNet report
2011-12 178.com plaintext N/A N/A N/A 3462278 9072961 38.16 % 100 % Pipal Passpal ZDNet report
2011-12 QianNao.com plaintext N/A N/A N/A 475484 700061 67.92 % 100 % Pipal Passpal FIXME
2011-12 766.com MD5 120596 120600 100.00 % FIXME FIXME FIXME FIXME Pipal Passpal FIXME
2011-12 YS168.com plaintext N/A N/A N/A 228114 328240 69.50 % 100 % Pipal Passpal FIXME
2011-12 duowan.com plaintext N/A N/A N/A FIXME FIXME FIXME 100 % Pipal Passpal ZDNet report Difficult to extract passwords from leaked files.
2011-12 mumayi.com MD5 132479 132571 99.93 % FIXME FIXME FIXME FIXME Pipal Passpal FIXME
2011-12 co188.com MD5 6617464 13499275 49.02 % FIXME FIXME FIXME FIXME Pipal Passpal FIXME
2011-12 duduniu.cn plaintext N/A N/A N/A FIXME FIXME FIXME 100 % Pipal Passpal FIXME Difficult to extract passwords from leaked files.
2011-11-07 Oh Media (Malaysian) SHA1 51383 60554 84.85 % FIXME FIXME FIXME FIXME Pipal Passpal cyberwarnews.info report technseceleb.blogspot.com report

Know of a leak that's not listed here? Comment below, or send me an email at tal@lystadonline.no.

Dictionaries

This section is intended to contain dictionaries that are interesting in terms of dictionary/password research. I'm mostly interested in narrow dictionaries, or dictionaries it is clear how were made/generated, so that I can better learn what makes a good dictionary.

Generated/fetched Name Unique words Word analysis Comment
2012-01-14 Cain & Abel 306706 Pipal Passpal Taken from Cain & Abel 4.9.43.
2012-01-04 Page titles from English Wiktionary 2889865 Pipal Passpal Downloaded from wikimedia.org. Removed 2268 lines due to invalid UTF-8.
2011-11-20 John the Ripper 3546 Pipal Passpal Compiled by Solar Designer of Openwall Project. Based on passwords most commonly seen on a set of Unix systems in mid-1990's. It has been revised to also include common website passwords from public lists of “top N passwords” from major community website compromises that occurred in 2006 through 2010.
2010-08 First names from Facebook 4347667 Pipal Passpal Gathered from Facebook by Ron Bowes
2010-08 Last names from Facebook 5369437 Pipal Passpal Gathered from Facebook by Ron Bowes

Know of a dictionary that's not listed here? Comment below, or send me an email at tal@lystadonline.no.

Other dictionaries

Here are links (in no particular order) to other dictionaries.

Know of a link that's not listed here? Comment below, or send me an email at tal@lystadonline.no.

1) , 4) unique hashes/total hashes
2) , 5) unique passwords/total passwords
3) , 6) unique passwords/unique hashes
Print/export