Libero.it Password Leak - An Analysis In-Depth

by Rocco Gagliardi

Keypoints

Hackers and Crackers know your Password Choices

  • The password leak of LiberoMail provides a solid data-set to analyze password behavior of users
  • Women's passwords tend to be more secure
  • Users born in the 90s use safer passwords
  • Always use dual-factor authentication to be protected from such leaks

One evening, during my holidays in Italy, a couple of friends and I joked about how passwords are used to protect many aspects of our electronic life. Since we were from different villages, we started to joke about possible password variations related to the territory. Meanwhile, between one drink and the next, I wondered if I could analyze the passwords with other parameters, such as gender, age, and address.

The Libero.it leak

In 2016, the Italian email hosting service LiberoMail revealed an attack resulting in the exfiltration of many database records. Poorly implemented security measures exposed user names and passwords in clear text, along with the address and some other user details. The LiberoMail users database was breached.

I decided to take a look at the data, clean them up (in addition to the security problem, they also had a data normalization problem), put everything in a database and run some queries on it.

The Data-set

The data set consists of approx. 700,000 records, not all with complete fields. In many cases, for example, the age has been extrapolated from the user name, from the e-mail address or even from the password itself.

Some simple counts

Measure                       Value
Total records                 700,517
Records without passwords     33,332
Records without information   97,569
Italian users                 696,023
Other users                   4,994

Gender and Age

The gender (declared by the user) and the age distribution are reported in the next charts:

[Charts: Breakdown of Gender and Age]

The Analysis

Using our self-developed tools, we cleaned and normalized the raw data and put the results in a relational DB.

For the analysis, we identified the following characteristics:

Password

User

The Results

Password Length

The following charts show how password length varies with gender, age, and region.

[Chart: Password length by gender]

[Chart: Password length by age]

[Chart: Password length by region]

Remarks:

Password complexity

The following charts show how password complexity varies with gender, age, and region. Complexity is scored with one point for each character category present: lowercase, uppercase, number, punctuation.
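The scoring rule above, combined with the length measure and grouped by a user attribute, as an added example that is not the author's tooling. The record field names and the sample records are constructed assumptions.

```python
import string
from collections import defaultdict
from statistics import mean

def complexity(password: str) -> int:
    """Score 0-4: one point per character category present in the password.
    Punctuation is limited to ASCII punctuation (an assumption of this example)."""
    return sum((
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ))

def summarize(records, key):
    """Group records by `key`; return {group: (count, mean length, mean complexity)}.
    Records without a password are skipped; a missing attribute becomes 'unknown'."""
    groups = defaultdict(list)
    for rec in records:
        pw = rec.get("password")
        if pw:
            groups[rec.get(key) or "unknown"].append(pw)
    return {
        g: (len(pws), round(mean(map(len, pws)), 2), round(mean(map(complexity, pws)), 2))
        for g, pws in groups.items()
    }

def complexity_by_length(records):
    """Mean complexity score per password length (length vs. complexity view)."""
    by_len = defaultdict(list)
    for rec in records:
        pw = rec.get("password")
        if pw:
            by_len[len(pw)].append(complexity(pw))
    return {n: round(mean(scores), 2) for n, scores in sorted(by_len.items())}

# Constructed sample records, not taken from the leak.
SAMPLE = [
    {"gender": "F", "region": "north", "password": "Amoremio_82"},
    {"gender": "F", "region": "south", "password": "napoli"},
    {"gender": "M", "region": "north", "password": "juventus"},
    {"gender": "M", "region": "south", "password": "123456"},
    {"gender": "M", "region": "south", "password": ""},        # no password
    {"gender": None, "region": "north", "password": "Estate2016!"},  # no gender
]

if __name__ == "__main__":
    for group, stats in summarize(SAMPLE, "gender").items():
        print(group, stats)
    print(complexity_by_length(SAMPLE))
```

Passing "region" instead of "gender" as the key gives the per-region breakdown with the same function.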

[Chart: Password complexity by gender]

[Chart: Password complexity by age]

[Chart: Password complexity by region]

Remarks:

Password Complexity vs Length

The following chart shows how password length and complexity are related.

[Chart: Password complexity by length]

Remarks:

Usage of Common Names

The following chart shows how users make use of common names (the most used Italian first and last names), aggregated by gender and region.

[Chart: Usage of common names in passwords]

Remarks:

Special Passwords

The following charts show how female and male users use the specific passwords juventus, napoli, amoremio, 123456.

[Chart: Female usage of special passwords, by region]

[Chart: Male usage of special passwords, by region]

Remarks:

Top Passwords

The following charts show the top 20 passwords and the top 20 passwords containing a common name.

[Chart: Top passwords]

[Chart: Top passwords containing common names]

Remarks:

Conclusion

Women seem to have safer passwords than men, even if in the north they overdo the use of common names. As usual, the diatribes between Juventus and Napoli are a nice reminder of how football is always a protagonist in Italy.

The conclusion is to use at least dual-factor authentication for any of your accounts containing sensitive data. That means for every account.

About the Author

Rocco Gagliardi

Rocco Gagliardi has been working in IT since the 1980s and specialized in IT security in the 1990s. His main focus lies in security frameworks, network routing, firewalling and log management.
