ok, so it was leaked passwords....but from where?
From everywhere. From pron.com, for example. Plaintext usernames, emails, and passwords. With .mil addresses and admin addresses to boot. They are there if you bother to look.
From a csv file I have of the pronz.com list:
Hi! We like porn (sometimes) so these are email/password
combinations from pron.com which we plundered for the lulz
Check out these government and military email
addresses that signed up to the porn site...
They are too busy fapping to defend their country:
for what reasons?
For money and for the lulz, as above.
on what devices?
Everything.
Also if PWs are from web pages? what are the pages?
Pron, government, banking, shopping, etc...
because if they are not secure pages (work, banks, personal info) most people simply dont care.
This is the problem, in a nutshell. People just don't care about even their banking passwords.
I mean to leave comments on damn near any page, you need to register. I know on some pages ive created accts to leave a post and never plan on going back, im sure ive used some weak passwords for those sites.
The thing is that people use the same "throw away passwords" everywhere. The same ones, across multiple sites including banking. Many of the above uname/password pairs worked in gmail and facebook.
"But it's too much trouble to have different passwords everywhere"
No it isn't. It's actually easier. Use a password manager. It's like a keyring, but not only do the keys fit only individual locks, the "keyring" (password manager) does the typing for you for password generation and logins. For example, through some of my own dumbassery (which I realized within 10 minutes of the dumbassery), I had to reset all my passwords one day. It took me only an hour with Lastpass including generating secure passwords. It would have taken me the better part of half-a workday to reset them manually.
Yahoo lost control of my login credentials twice. Apparently I have been to Sweden and Bulgaria. After that, I got a password manager and never looked back.
You will have to take my password manager from my cold dead hands.
"But what if the password manager goes tits-up?"
You export your credentials to a .csv file and print it out and save in a safe place offsite.
All my passwords look like this: GvY0H025195BfN2MleZWx5Sra
Try finding that in a rainbow table.
its a little hard to claim anything based on this data that is worth anything.
Only because you lack imagination.
--
BMO