Actual password reuse between two breached web sites with plaintext passwords

Study: What do Sony and Yahoo! Have in common? Passwords!
Date: July 12 2012

There were 302 common accounts between the Yahoo! Voices password database breach in July 2012 and password database breach in June 2011. How did those user passwords compare?
  • 59%
  • Reused exact password
  • 2%
  • Reused with capitalization differences
  • 39%
  • Used unique passwords Comment:
    You might be tempted to draw some conclusions about whether these users followed the common recommendation of changing their password at all sites reusing that same password following the breach. However, while we know the date that these breaches were publicized we don't know for sure that the user data was current at the time of the breach. There was some feedback from Yahoo! that their Voices database was "an older file" and may not have actually contained current user data at the time it was disclosed.

    <-- Back to Authentication Statistic Index

    [Home] [About Us] [News] [Research]

    Copyright © 2017