Analysis of 30.000 Phished Facebook Accounts
This analysis is based on 7 leaks of phished Facebook accounts leaked by the hackers 0x0mar and Hannibal. One of the leaks from Hannibal were advertized to contain over 100.000 accounts, but the it seems that he can't count since the leak only contained a combined total of 25.000 accounts.
No passwords were cracked, all passwords were phished.
Data Validity
As always with phished accounts, there is a lot of garbage and that makes the analysis have a high statistical error. Together with the fact that all 7 leaks contained duplicate accounts (same email and password combination multiple times) and the fact that around 2.000 accounts had a password length less than what the Facebook policy allows, the apparent quality of the leaks is very low. After filtering the data and removing garbage, I ended up with 27.978 accounts.
The Results
Length distribution
Average password length: 8,579955
Character distribution
Unique character distribution
Contained in common wordlists
Top 30 most common passwords
Top 30 longest passwords
No passwords were cracked, all passwords were phished.
Data Validity
As always with phished accounts, there is a lot of garbage and that makes the analysis have a high statistical error. Together with the fact that all 7 leaks contained duplicate accounts (same email and password combination multiple times) and the fact that around 2.000 accounts had a password length less than what the Facebook policy allows, the apparent quality of the leaks is very low. After filtering the data and removing garbage, I ended up with 27.978 accounts.
The Results
Length distribution
Average password length: 8,579955
Character distribution
Unique character distribution
Contained in common wordlists
Top 30 most common passwords
Top 30 longest passwords
Comments
Post a Comment