Table of Contents
Leaked passwords
This section is intended to contain statistics on passwords leaks that are interesting or can be useful in terms of password research. Leaks of a large number of plain text passwords are most interesting, but also hashed passwords where most of them have been cracked, or smaller leaks where the users/passwords fit a specific profile or niche can also be useful.
Western
| Leak date | Name | Hash type | Unique hashes | Total hashes | Hash uniqueness1) | Unique (cracked) passwords | Total (cracked) passwords | Password uniqueness2) | Unique crack rate3) | Password analysis | More information | Comment |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2012-07-11 | Yahoo | plaintext | N/A | N/A | N/A | 342508 | 442832 | 77.34 % | 100 % | Passpal | The Telegraph report | |
| 2012-02-22 | YouPorn | plaintext | N/A | N/A | N/A | 833994 | 1566156 | 53.25 % | 100 % | Pipal Passpal | nakedsecurity.sophos.com report | Pipal dump based on a parse resulting in 3026016 total passwords. Passpal dump based on a parse resulting in 1566156 passwords. |
| 2012-01-12 | recreatief.nl | SHA-1 | 27141 | 27502 | 98.69 % |  | | | | Pipal Passpal | datalossdb.org entry | |
| 2011-12-24 | Stratfor | MD5 | 822666 | 860160 | 95.64 % | 757150 | 856245 | 88.43 % | 92.04 % | Pipal Passpal | Wikipedia on Stratfor leak | |
| 2011-12-22 | hemmelig.com (Norwegian) | MD5 | 22819 | 24559 | 92.92 % | 22515 | 24289 | 92.70 % | 98.67 % | Pipal Passpal | databreaches.net report cyberwarnews.info report | |
| 2011-07-11 | Booz Allen Hamilton | BASE64(SHA-1)? | 141527 | 154219 | 91.77 % | | | | | Pipal Passpal | cnet report | |
| 2011-06-26 | 50 Days of Lulz: Battlefield Heroes Beta | MD5 | 423710 | 548773 | 77.21 % | | | | | Pipal Passpal | Gizmodo report | |
| 2011-06-26 | 50 Days of Lulz: Nato Bookshop | plaintext | N/A | N/A | N/A | 10411 | 11524 | 90.34 % | 100 % | Pipal Passpal | Gizmodo report | |
| 2011-06-26 | 50 Days of Lulz: Random gaming forums | MD5 | 33152 | 50852 | 65.19 % | | | | | Pipal Passpal | Gizmodo report | |
| 2011-02-06 | rootkit.com | MD5 | 58673 | 71222 | 82.38 % | | | | | Pipal Passpal | The Guardian report | |
| 2010-12-11 | Gawker | DES | 743859 | 748091 | 99.43 % | | | | | Pipal Passpal | New York Times report Wikipedia on Gawker leak | |
| 2009-12-04 | RockYou | plaintext | N/A | N/A | N/A | 14344173 | 32603145 | 44.00 % | 100 % | Pipal Passpal | Wikipedia on RockYou leak | Removed 218 lines/unique passwords that were not valid UTF-8. A few lines seem to be HTML and other web scrapings, especially some of the longer lines, but this is hard to clean up automatically. |
| 2009-01 | phpBB | MD5 | | | | 184389 | 255421 | 72.19 % | 97 % (est.) | Pipal Passpal | Softpedia report | Information based on cracked hashes only. Cracked by Brandon Enright. |
Eastern
| Leak date | Name | Hash type | Unique hashes | Total hashes | Hash uniqueness4) | Unique (cracked) passwords | Total (cracked) passwords | Password uniqueness5) | Unique crack rate6) | Password analysis | More information | Comment |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2011-12 | China Software Developer Network (CSDN) | plaintext | N/A | N/A | N/A | 4037902 | 6428632 | 62.81 % | 100 % | Pipal Passpal | China Daily report | |
| 2011-12 | Zhenai.com | plaintext | N/A | N/A | N/A | 3512538 | 5251038 | 66.89 % | 100 % | Pipal Passpal | ZDNet report | |
| 2011-12 | Renren.com | plaintext | N/A | N/A | N/A | 2826611 | 4732799 | 59.72 % | 100 % | Pipal Passpal | | Passwords equal to 'NULL' was filtered out. |
| 2011-12 | 7k7k.com | plaintext | N/A | N/A | N/A | 2120654 | 6541991 | 32.42 % | 100 % | Pipal Passpal | ZDNet report | |
| 2011-12 | 178.com | plaintext | N/A | N/A | N/A | 3462278 | 9072961 | 38.16 % | 100 % | Pipal Passpal | ZDNet report | |
| 2011-12 | QianNao.com | plaintext | N/A | N/A | N/A | 475484 | 700061 | 67.92 % | 100 % | Pipal Passpal | | |
| 2011-12 | 766.com | MD5 | 120596 | 120600 | 100.00 % | | | | | Pipal Passpal | | |
| 2011-12 | YS168.com | plaintext | N/A | N/A | N/A | 228114 | 328240 | 69.50 % | 100 % | Pipal Passpal | | |
| 2011-12 | duowan.com | plaintext | N/A | N/A | N/A | | | | 100 % | Pipal Passpal | ZDNet report | Difficult to extract passwords from leaked files. |
| 2011-12 | mumayi.com | MD5 | 132479 | 132571 | 99.93 % | | | | | Pipal Passpal | | |
| 2011-12 | co188.com | MD5 | 6617464 | 13499275 | 49.02 % | | | | | Pipal Passpal | | |
| 2011-12 | duduniu.cn | plaintext | N/A | N/A | N/A | | | | 100 % | Pipal Passpal | | Difficult to extract passwords from leaked files. |
| 2011-11-07 | Oh Media (Malaysian) | SHA1 | 51383 | 60554 | 84.85 % | | | | | Pipal Passpal | cyberwarnews.info report technseceleb.blogspot.com report |
Know of a leak that's not listed here? Comment below, or send me an email at tal@lystadonline.no.
Dictionaries
This section is intended to contain dictionaries that are interesting in terms of dictionary/password research. I'm mostly interested in narrow dictionaries, or dictionaries it is clear how were made/generated, so that I can better learn what makes a good dictionary.
| Generated/fetched | Name | Unique words | Word analysis | Comment |
|---|---|---|---|---|
| 2012-01-14 | Cain & Abel | 306706 | Pipal Passpal | Taken from Cain & Abel 4.9.43. |
| 2012-01-04 | Page titles from English Wiktionary | 2889865 | Pipal Passpal | Downloaded from wikimedia.org. Removed 2268 lines due to invalid UTF-8. |
| 2011-11-20 | John the Ripper | 3546 | Pipal Passpal | Compiled by Solar Designer of Openwall Project. Based on passwords most commonly seen on a set of Unix systems in mid-1990's. It has been revised to also include common website passwords from public lists of “top N passwords” from major community website compromises that occurred in 2006 through 2010. |
| 2010-08 | First names from Facebook | 4347667 | Pipal Passpal | Gathered from Facebook by Ron Bowes |
| 2010-08 | Last names from Facebook | 5369437 | Pipal Passpal | Gathered from Facebook by Ron Bowes |
Know of a dictionary that's not listed here? Comment below, or send me an email at tal@lystadonline.no.
Other dictionaries
Here are links (in no particular order) to other dictionaries.
Know of a link that's not listed here? Comment below, or send me an email at tal@lystadonline.no.
