lecture: The leak of billions of passwords

Analysis of the password leaks of January 2019


Beginning of 2019 marked the time of many underground user:password databases leaking into the general internet. What's inside those leaks? Who's at risk? How did that happen? And what do we do now?

Leaks began in October 2018 when wordlists were stolen from a darknet user and resold slowly seeping into November beyond darknet marketplaces. Leaks went well over a terabyte of compressed archives, text files and different database formats. Tens of billions of records in total - many of them duplicate. At least 3 billion unique e-mail addresses and associated passwords were leaked.
In this talk we take a look at the tedious road that your password took from your head to your keyboard to an online account and into the leaks. We'll have nice charts of password distribution, we'll try estimating the dating of each of the leaks, and discuss what, if anything, should every one of us do to fix/prevent this.


Day: 2019-09-13
Start time: 18:15
Duration: 01:00
Room: Pupin