- Jan 24, 2011
A security researcher who analyzed data from two recently leaked databases concluded that the rate of password reuse is higher than previously believed.
Joseph Bonneau, a PhD student with the Security Group at the University of Cambridge Computer Laboratory, analyzed user passwords stolen from Gawker and rootkit.com.
The Gawker user database was leaked by hackers in the first half of December, while the rootkit.com one made its way onto the Internet just recently, after Anonymous hacked HBGary.
The Gawker leak was much bigger, exposing some 1.3 million logins and password hashes, compared to the 81,000 stolen from rootkit.com.
When intersecting the two databases, Bonneau found 522 email addresses registered at both sites. Of those, about 456 were determined to be valid pairs.
"This is about a 1% overlap, small but reasonable given the very different niches of the two websites," he notes.
More details: link