Analysis of 30.000 Phished Facebook Accounts

This analysis is based on 7 leaks of phished Facebook accounts leaked by the hackers 0x0mar and Hannibal. One of the leaks from Hannibal were advertized to contain over 100.000 accounts, but the it seems that he can't count since the leak only contained a combined total of 25.000 accounts.

No passwords were cracked, all passwords were phished.

Data Validity
As always with phished accounts, there is a lot of garbage and that makes the analysis have a high statistical error. Together with the fact that all 7 leaks contained duplicate accounts (same email and password combination multiple times) and the fact that around 2.000 accounts had a password length less than what the Facebook policy allows, the apparent quality of the leaks is very low. After filtering the data and removing garbage, I ended up with 27.978 accounts.

The Results

Length distribution
Average password length: 8,579955

Character distribution

Unique character distribution

Contained in common wordlists

Top 30 most common passwords

Top 30 longest passwords


Popular posts from this blog

Reducing the size of self-contained .NET Core applications

.NET Compression Libraries Benchmark

Broad And Narrow Phase Collision Detection Systems