On January 19th we downloaded Collection #1 to make statistics on its content (you might find more information here). During these days we finished the two main activities to be able to answer some more questions about its data: (i) ELK import and (ii) building of simple views to
It is interesting to compare the differences between Part 1 and Part 2, since the panorama of the most leaked email’ domain names changed quite a bit. Yahoo, Mail.ru, and Hotmail follow Gmail, which stands on top of the raking list. If you remember the same graph in Part1 you might appreciate a nice difference in ranking list where yahoo, gmail, aol and hotmail were leading the pics.
While there are a lot of unique entries (unique emails), there are several emails leaked multiple times. Testing emails such as: firstname.lastname@example.org, email@example.com and firstname.lastname@example.org as well as email@example.com, firstname.lastname@example.org and email@example.com and private emails belonging to gmail are the most leaked ones. It was also possibile to see multiple credentials (same email and password) within multiple file entries which highlights an insane reuse of credentials.
Focusing on the most recent folders: “NEW combo semi private” and “MAIL ACCESS combos” and assuming the folder name is explicit, we might observe most of the “recent combos” (please see Part1) belong to EU and RU.
Further data and conclusions are available in the blog post published by Marco Ramilli, founder and CEO Yoroi, in his blog.