Analysis Of Leaked MilitarySingles.org Passwords
This time I take a look at an interesting leak: MilitarySingles.org. They are operated by ESingles Inc. and they claimed that they had not been hacked by the notorious LulzSec hacker group. They assured their customers that the site had not been hacked and they claimed that "All user passwords in our database are encrypted and secure.". The rest of the story can be seen at databreaches.net.
It turns out that the passwords, despite what ESingles said, was not encrypted nor secure. They are unsalted MD5 hashes and combined with a weak password policy, almost all of the hashes were cracked within a few minutes.
A total of 163.792 hashes were leaked and 151.791 (92.2%) of them were cracked in 9 hours.
The Results
Length distribution
Average password length: 7,427
Character distribution
Unique character distribution
Contained in common wordlists
Contained in IQ wordlist (Click here for more info)
Top 30 most common passwords
Top 30 longest passwords
Bonus: Virtualization of the common passwords
It turns out that the passwords, despite what ESingles said, was not encrypted nor secure. They are unsalted MD5 hashes and combined with a weak password policy, almost all of the hashes were cracked within a few minutes.
A total of 163.792 hashes were leaked and 151.791 (92.2%) of them were cracked in 9 hours.
The Results
Length distribution
Average password length: 7,427
Character distribution
Unique character distribution
Contained in common wordlists
Contained in IQ wordlist (Click here for more info)
Top 30 most common passwords
Password | Frequency |
123456 | 763 |
password | 415 |
iloveyou | 177 |
military | 165 |
sunshine | 152 |
princess | 146 |
ranger | 131 |
marines | 128 |
michael | 118 |
12345678 | 118 |
love | 113 |
marine | 110 |
123456789 | 110 |
jennifer | 109 |
tigger | 100 |
loveme | 99 |
freedom | 98 |
michelle | 97 |
ashley | 97 |
justin | 95 |
single | 94 |
jessica | 94 |
airborne | 93 |
fuckyou | 93 |
nicole | 89 |
football | 87 |
1234 | 82 |
matthew | 81 |
monkey | 81 |
Top 30 longest passwords
Password | Length |
chocolatemint12 | 15 |
iloveallmy4kids | 15 |
Septembergirl13 | 15 |
restoration2010 | 15 |
alwayslovingyou | 15 |
salveregina1988 | 15 |
plastickitten58 | 15 |
123456789101112 | 15 |
screamingeagles | 15 |
whiskeygirl2012 | 15 |
pharmaceuticals | 15 |
philippines2012 | 15 |
catherine102484 | 15 |
airforcegirl711 | 15 |
loveme163456123 | 15 |
schoolofrock123 | 15 |
hannahjones1989 | 15 |
youllneverguess | 15 |
ctxcolormonitor | 15 |
flexiblecouch10 | 15 |
1cutestrawberry | 15 |
destinyschild20 | 15 |
coloradosprings | 15 |
rockfordfosgate | 15 |
americansingles | 15 |
danielradcliffe | 15 |
kimberly1234567 | 15 |
Fuckyourself007 | 15 |
POPOCATEPEL1978 | 15 |
Bonus: Virtualization of the common passwords
Comments
Post a Comment