A million Sony users' password/username IDs and 250,000 Gawker login credentials, each stored in plain text, were exposed via separate hacks.
Four in five of the passwords in the 37,608 account sample from the Sony hack actually only occurred once. But users are independently making poor password choices, Hunt reports. Around 36 per cent of the passwords used appeared in a password dictionary, a factor that would leave them wide open to brute-forcing attacks in instances where the same passwords were used and only a password hash database was exposed by a hack. Hunt reckons more than four in five (82 per cent) of the passwords would have fallen to a basic rainbow table crack.
Maybe it is just me, but I think the fact that two companies, who should be using adequate security controls, stored passwords in plain text is a much more important trend than identifying that internet users use insecure passwords on sites without sensitive data.
I mean really the researcher says that 82% of the passwords would fall to a basic rainbow attack, except that the reality of the situation is the hackers didn't have to use a rainbow attack because the companies didn't bother to hash the passwords.
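To make the storage point concrete, here is an added example (not part of the original post or the quoted article) contrasting an unsalted fast hash, where identical passwords produce identical digests that a table built once can match, with per-user salted PBKDF2 records. The user names, passwords, word list, function names and iteration count are all constructed assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed sample data for illustration; not taken from either breach.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "abc123"]
USERS = {"alice": "password", "bob": "qwerty",
         "carol": "password", "dave": "T7#kp-wren-Lamp"}
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_digest(password: str) -> str:
    """Fast, unsalted hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    return hmac.compare_digest(make_record(password, salt)[1], key)


def matched_by_precomputed_table(stored_hex: dict[str, str]) -> list[str]:
    """Users whose stored value appears in a table built once, with no salt."""
    table = {unsalted_digest(p) for p in COMMON_PASSWORDS}
    return sorted(u for u, value in stored_hex.items() if value in table)


def build_stores():
    """Return the same user set stored two ways: unsalted and salted."""
    unsalted = {u: unsalted_digest(p) for u, p in USERS.items()}
    salted = {u: make_record(p) for u, p in USERS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_stores()
    salted_hex = {u: key.hex() for u, (_, key) in salted.items()}
    print("unsalted, matched:", matched_by_precomputed_table(unsalted))
    print("salted, matched:  ", matched_by_precomputed_table(salted_hex))
    print("alice == carol (unsalted):", unsalted["alice"] == unsalted["carol"])
    print("alice == carol (salted):  ", salted["alice"][1] == salted["carol"][1])
    print("login check:", verify("password", salted["alice"]))
```

Salting removes the precomputation shortcut and hides password reuse between accounts; the slow derivation function is what raises the cost of guessing dictionary words against each record individually.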