Welcome to duststar theory

Analysis on Global Maplestory (GMS) leaked accounts

Autor duststar

Following this post.

I am posting a short analysis on the leaked accounts.

A total of 139 accounts were leaked. The attackers may have more because the “id”s were in running sequence (which seems to indicate it was “ripped” off from a database or any structured data source).

Findings

1. There were 3 accounts that uses same credentials for both login ID and password.

2. Shortest password length was 6.

Examples:
112991
kablam
dragon
123123
123321
hacker
abc123
123456
……

Examples:
narutoistheb
fataliity225
412173lesche
manquehue199
samsung770k1

4. There were 113 (81.29%) unique passwords and  26 (18.71%) duplicated passwords.

 Examples of duplicated passwords used:
pokemon = 2
112991 = 2
kablam = 3
pspds3 = 2
21coryt21 = 2
123123 = 2
annaviv1 = 2
i2345i = 2
pokemaniac = 3
stephanie = 2
google = 2
kiko052500 = 2

5. Passwords used by players are generally WEAK.

Weak = 107 (76.98%) e.g. yonatan
Medium = 32 (23.02%) e.g. samsung770k1

Conclusion

1. People are still using WEAK passwords.
2. If these passwords are stored in anywhere, they should be at least hashed with a industry recognised hashing algorithmn such as MD5, SHA1 etc and salted.
3. You should consider changing your account passwords to at least 12 characters with mixture of alphabets (big and small), and numbers. If possible, include in symbols such as !.$.? etc.

.duststar