Analysis of Leaked B-K Lightning Passwords

B-K Lightning was recently victim of an SQL injection. The team behind it used an automated tool to find the SQL injection and then used another tool to gather the data. This is evident inside the data itself. I removed the injection data as it would lower the quality of this analysis.

No passwords where cracked as the site keeps their passwords in clear-text. 

The Results
The leak contains a total of 3288 passwords.

Length distribution
Average password length: 7.132295

Character distribution

Unique character distribution

Contained in common wordlists

Top 30 most common passwords

Top 30 longest passwords

The data this analysis is based on is doubtful as it was extracted without any regards to data consistency. This is partly due to an error based SQL injection was used (limits the length of the strings given) and the fact that it was extracted from the output of the web application itself.


Popular posts from this blog

Reducing the size of self-contained .NET Core applications

.NET Compression Libraries Benchmark

Broad And Narrow Phase Collision Detection Systems