(LiveHacking.Com) – A group going by the name ‘d33ds’ has reportedly taken details of 450,000 accounts from the Yahoo.com subdomain dbb1.ac.bf1.yahoo.com. It is thought that a SQL injection was used to extract the account information from a Yahoo! database. The passwords extracted were in clear text. The details were posted online on the group’s website; however, that now appears to be offline.
Before the list went offline, security researcher Anders Nilsson was able to run an analysis using the password analyzer Pipal to discover which were the most common passwords and domains. The full password analysis is on Pastebin. The top 10 passwords were: 123456, password, welcome, ninja, abc123, 123456789, 12345678, sunshine, princess and qwerty.
Other interesting stats from the analysis show that most passwords were 6 to 9 characters long (over 71%) and that half of the passwords used only lowercase alphanumeric characters. One third used only lowercase letters.
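The kinds of statistics quoted above (most common passwords, share in the 6 to 9 character range, lowercase-only and lowercase-alphanumeric shares) can be computed over any password list, for example when building a blocklist or checking a password policy. The following is an added example, not Pipal's code and not part of the original article; the sample list is constructed, and the category definitions (in particular that "lowercase alphanumeric" also counts digits-only and letters-only passwords) are assumptions.

```python
import re
from collections import Counter

# Constructed sample for illustration; not data from the leaked list.
SAMPLE = ["123456", "password", "123456", "welcome", "Sunshine1", "abc123",
          "qwerty", "ninja", "p@ssw0rd!", "princess", "abc123", "12345"]

# Assumed category definitions (checked independently, so they overlap).
LOWER_ONLY = re.compile(r"[a-z]+")      # lowercase letters only
LOWER_ALNUM = re.compile(r"[a-z0-9]+")  # lowercase letters and/or digits


def analyze(passwords, top_n=10, length_range=(6, 9)):
    """Return summary counts for a list of cleartext passwords."""
    passwords = [p for p in passwords if p]  # skip empty entries
    if not passwords:
        raise ValueError("no passwords to analyze")
    lo, hi = length_range
    return {
        "total": len(passwords),
        # Ties keep first-seen order, as Counter.most_common is stable.
        "top": Counter(passwords).most_common(top_n),
        "length_in_range": sum(lo <= len(p) <= hi for p in passwords),
        "lower_only": sum(bool(LOWER_ONLY.fullmatch(p)) for p in passwords),
        "lower_alnum": sum(bool(LOWER_ALNUM.fullmatch(p)) for p in passwords),
    }


def percent(count, total):
    """Share of the list, as a percentage rounded to one decimal place."""
    return round(100.0 * count / total, 1)


if __name__ == "__main__":
    report = analyze(SAMPLE, top_n=3)
    total = report["total"]
    print("Top passwords:", report["top"])
    for key in ("length_in_range", "lower_only", "lower_alnum"):
        print(f"{key}: {report[key]} ({percent(report[key], total)}%)")
```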