What LulzSec logins reveal about bookworms

Darien Graham-Smith
16 Jun 2011
Lulz

Today the hacking group LulzSec posted 62,000 hacked email usernames and passwords online. But don’t panic: I’ve been through the list and I can confirm that none of my details have been compromised. So far.

Not everyone has been so lucky, though. As I write this, unscrupulous voyeurs around the globe are sifting through these compromised email accounts looking for… well, whatever they can find. We’ve heard of people finding login details for social-networking sites, online-dating services and even porn sites.

Here at PC Pro we can’t condone such behaviour, fascinating though it would doubtless be to gain such an insight into a stranger’s private life. Happily, the email addresses and passwords themselves are quite revealing.

Where the passwords came from

LulzSec hasn’t said where these credentials came from – in fact, it’s explicitly said they’re “random assortments from a collection.” But the email domains to which the passwords grant access break down as follows:

PieChart

Nothing too shocking there, except an unexpected skew towards Brazil. More revealing, perhaps, are the usernames and passwords that people have chosen for themselves.

Email usernames

Email accounts must be unique within their domain, so there's not much repetition. And, unsurprisingly, many people seem to use some variation of their real name: the addresses contain hundreds of Johns, Roberts and Marys (and just as many Diegos and Felipes).

But many more fanciful terms also come up repeatedly in the LulzSec archive. Of 62,000 leaked leaked addresses, 29 include the word “goddess”, while 37 users identify as some sort of “vamp” or "vampire". Sixty two call themselves either a prince or princess, while 68 call themselves king and a whopping 85 go by queens.

77 users have the word “dragon” in their email address, while 127 go with “bear”

On a similar theme, 77 users have the word “dragon” in their email address, while 127 go with “bear”. Closer to home, 135 of the email addresses include the term “sex”, and 204 of them refer to “love”. Over 300 referred, in some way or other, to "lady".

Surprisingly, though, the most popular term I could find was “book”, featuring in 326 different usernames.

Why is that? Mikko Hyppönen of F-Secure theorised on his Twitter feed that many of these credentials must have come from a community for aspiring authors. And when we look at the passwords that people have chosen for themselves, that seems a very plausible surmise.

Bookish passwords

Of the 62,000 passwords released by LulzSec, the most-used is “123456”, which comes up 568 times. The next most common password is “123456789”, with 184 occurrences. So far so predictable, and the next hit – “password”, at 133 occurrences – is no more surprising.

The next most common password, however, is “romance”, at 88 occurrences (tying with the rather more prosaic “102030”). After that, with 67 occurrences, is “mystery”.

The theme continues: skipping over some more variations on the numeric theme, other popular passwords include “shadow” (62), “bookworm” (54), “reader” (52), “reading” (47), “booklover” (33) and “library” (26). It all points in a clear direction; and if you’re still doubtful, perhaps the smoking gun is the fact that 30 people have chosen “writerspace” as their password.

What have we learnt?

Clearly, this is a back-of-an-envelope breakdown of a mixed mass of unverified data. But for all that, it gives a fascinating glimpse of some other people’s lives. And it gives an interesting insight into the way people choose their passwords: in this case, apparently, on a theme that reflects the nature of the site they're visiting.

If you’d like to study the leaked information further – but don’t want to get involved in dodgy downloads – I've put together a stripped list of the passwords. I’ve removed the usernames and domains so this data can’t be used for nefarious purposes, but you can still carry out whatever analysis you like, and I'm sure there are plenty more interesting patterns to tease out (I've noticed a distinct Disney theme, for example). I’d be delighted to hear your findings.

Also, I’d be very happy to hear if anyone can explain why the seventh most common password in the data file – apparently shared by 62 users – is “ajcuivd289”.

Read more about: