7k7k.com Data Breach Analysis

7k7k.com Data Breach Analysis

Foreword

It is speculated that a Chinese gaming website 7k7k suffered a data breach in December 2011. The hack is thought to be part of a series of attacks directed at Chinese IT portals, gaming and social networking websites. The data leak has surfaced after China’s largest programmers’ website CSDN (China Software Developer Network) suffered a data breach.

What data is at risk?

The data that the 7k7k data breach has put at risk include email addresses and passwords. As 7k7k is based in China, both email addresses and passwords often include some sort of Chinese character combination.

Email addresses

There is a very wide range of email addresses used in this data breach – 7k7k clearly had users from multiple different countries. Judging from the analysis, their users mostly came from China, but the service also had users from United States, Japan, Hong Kong and Taiwan. Having multiple countries, we can also measure the distance between them, then see how far apart their customers are (all calculations are done in kilometers):

  • The distance between China and United States is approximately 11,144km;
  • The distance between China and Japan is approximately 2,099km;
  • The distance between China and Hong Kong is approximately 1,973km;
  • The distance between China and Taiwan is approximately 1,724km;
  • The distance between United States and Japan is approximately 10,903km;
  • The distance between United States and Hong Kong is approximately 13,113km;
  • The distance between United States and Taiwan is approximately 12,648km;
  • The distance between Japan and Hong Kong is approximately 2,887km;
  • The distance between Japan and Taiwan is approximately 2,102km;
  • The distance between Hong Kong and Taiwan is approximately 814km.

The average distance between customers is 5,940.7km.

The used email domains also allow us to understand which countries users originated from:

#Email DomainQuantityCountry
1163.com1,869,224China
2qq.com1,551,070China
3tianya.cn1,157,638China
4126.com659,552China
5sina.com455,188China
6yahoo.com.cn306,840China
7hotmail.com279,484United States
8sohu.com195,233China
9tom.com124,495China
1021cn.com84,261China
11yahoo.cn78,788China
12gmail.com77,557United States
13yahoo.com53,239United States
14sina.com.cn43,055China
15eyou.com37,493China
16vip.qq.com34,812China
17yeah.net28,427China
18163.net25,736China
19YAHOO.COM.TW21,655Taiwan
20msn.com17,928United States
21hainan.net17,415China
2216,645Unknown
23263.net16,286China
24live.cn11,360China
25yahoo.com.hk10,377Hong Kong
26139.com9,812China
27vip.sina.com9,595China
28123.com9,491Unknown
29citiz.net7,879Unknown
30chinaren.com7,469China
31mail.china.com7,009China
32etang.com5,810China
33avl.com.cn5,150China
34sian.com5,000China
35foxmail.com4,534United States
36163.COM.CN3,891China
37qq.com.cn3,610China
38263.com3,554China
39sogou.com3,209China
40tianya.com3,130China
41vip.163.com2,956China
42pp.com2,874Unknown
43qq.cn2,539China
44163.CN2,352China
45china.com2,320China
4663.com2,229Unknown
4756.com2,152China
48136.com1,997Unknown
49mop.com1,950China
50168.com1,939China

From the analysis of the top 50 email domains we can see that:

  • The list has 7,286,209 users in total – that means that the top 50 email domains consume 98.13680114722213% of the entire 7k7k user base;
  • The majority of users – 6,780,320 people – who used 7k7k registered from China: Chinese users consume 91.32306190428152% of the entire 7k7k user base;
  • 432,742 users registered from the United States – that’s 5.828533823563282% of the entire 7k7k user base;
  • 41,115 users registered from countries which couldn’t be identified – they consume 0.5537714577180036% of the entire 7k7k user base;
  • 21,655 users registered from Taiwan – that’s 0.2916677834581873% of the entire 7k7k user base;
  • 10,377 users registered from Hong Kong – they consume 0.13976617820113643% of the entire 7k7k user base.

Having analyzed the top 50 email domains, it is noticeable that 1.86319885277787% of the entire user base is not included in this list – that’s approximately 138,333 people.

Passwords

Having a glimpse at the most prevalent passwords used by people who used the 7k7k service, we can see that not all of the passwords used are ordinary – there’s a lot of at what might seem at first gibberish passwords among the usual ones. Here’s the top 50 passwords used:

#PasswordQuantity
1123456550,346
2111111153,044
30109,405
412345678984,680
512312368,999
6111222tianya64,822
7520131440,292
81234567826,652
912332125,119
1012321,041
1166666618,964
12wangyut217,016
1388888816,770
14775852115,754
15123456715,396
161111111113,871
17131452013,801
1811122213,197
19woaini12,856
2065432112,079
2111223311,344
22a12345610,237
23888888889,317
241236549,247
251002009,142
265205208,540
2712345678908,344
28123456a8,252
291212128,149
309999998,080
311236987457,837
32AAAAAA7,684
331101107,632
3477582587,580
351231231237,317
3652113147,147
37asdasd6,744
3811111116,669
391472586,432
40zxcvbnm5,770
41iloveyou5,765
422222225,487
431593575,418
4412345,380
45123455,251
4615,247
471472583695,169
48314159264,721
495215214,628
503333334,578

Among those passwords starting from number 60 we would have another list – this time, with unusual passwords included (unusual passwords are bold):

#PasswordQuantity
60EtnXtxSa653,728
611379003,718
621230003,652
637894563,642
64qwerty3,642
651qaz2wsx3,635
667745173973,632
67qazwsx3,518
684568523,463
694561233,454
702013143,354
711113,281
727788993,190
73sgdHhfC4x23,126
74abc1233,076
757894561232,896
76NBvBB32fa92,892
77ApjSqpM8442,876
78zzzzzz2,869
79kb9zc8uxtx2,862
80password2,740
816668882,701
825845202,699
83uifKjhF5222,674
84JxsGx2Yd872,662
857539512,622
861q2w3e4r2,607
87ndaCebx2wx2,592
881237892,537
89sxUaIehAtp2,528
90qwe1232,481
91qweqwe2,468
922m66xF2AJT2,468
93vjfLkiG5222,436
941020302,422
95cazzo10012,414
96qwqwqw2,407
97windows2,395
98asd1232,372
996Cxd2X986x2,372
10011111111112,370
101qfcFgdA3zx2,366
1021101202,365
103111112,328
104d54q7xjmhx2,328
105zxcvbn2,328
106PCwAC33gb92,324
10712301232,323
1081010102,321
10912345602,319
110qq1234562,319
1113141592,293
112i97wb6sxq72,290
1131478963252,289
114b33m6yghef2,282
1154567892,277
116xm55xExBZS2,274
117lssy1232,274
1181681682,259
119mcaBdaw2vx2,258
120CrkUrrP9542,250
121d54p7xjkha2,248
1223uc9xN53xH2,242
123jianfei0002,220
1247777772,210
125qwertyuiop2,209
1264wdaxQ642F2,194
127theIigD4x22,190
128asdfasdf2,188
1297Fxf3Jba8t2,188
130112233442,158
1311101192,157
132yniQnmK7332,154
1339876542,153
1341314212,118
13577585202,114
136zWN6Vbdvpj2,108
1377418522,078
138asdfgh2,072
1398x2h4Fddap2,052
140tangkay2,040
141LztEz2xe982,038
1427897892,025
143e65r82kni22,010
144g86ua5qsn52,008
145ymhPnmJ7331,984
1461478521,982
1476Exe3Za97v1,980
1481314201,979
1491,978
150xj453CxDXQ1,978
151VHBtH55jec1,976
1524yfb2S753C1,960
1531236547891,952
154FRI3Q9arjg1,940
1557093941,936
156ZLEnK77nge1,932
1575bt2jtzTKE1,918
1582r97xJ3xEY1,912
1599638521,893
160c44n6vijgc1,892
161a123451,886
1622113141,867
163a33k5Afgdh1,852
164xfx3ayFJRK1,844
165123012301,841
166zouyong1,838
167xgx39zGISL1,836
168majiajun88881,832
1697418529631,830
170diank1231,812
171SEyxE44hca1,796
172asdfghjkl1,781
1738xxg4Gcc9q1,768
174123412341,765
175woaiwojia1,762
176f5GhyjqHAv1,752
177caonima1,749
178DsmWssR9551,748
17970071,747
180123abc1,744
181199603091,744
182ja8yc8uxsx1,734
1838080801,733
18458452013141,726
185JMFxL78nhe1,716
186UGAuG55jdb1,716
1875zgb2T764B1,712
1889517531,709
1895556661,706
190XJCrI66kfd1,694
191xk55xDxCYR1,694
1921q2w3e1,694
1939999999991,694
194xi345BJFVP1,676
195102031,667
196200808081,659
197b43m6xhiee1,654
19833445201,644
199woaini13141,634
20028zxrpvNFA1,630
201a1234567891,623
2024564561,619
203abcd12341,611
204f76t93nqk31,610
205HvqJvxVb761,610
206123443211,606
207123456789a1,601
20811235813211,600
2093693691,597
2105793955711,596
211g76t94prm41,596
212qebEfcz3yx1,596
213252577581,583
2143216541,577
2152n66xG2zIU1,574
216wkgMkjH6231,558
2171123581,552
218HwrIwxWc761,552
219q1234561,549
220woshishui1,546
221DSK4R9bskh1,542
22228zxrpuNFA1,540
2231111111111,537
2246cs2huAULF1,534
2253sa8xK4xDZ1,528
226123456abc1,518
227GvqJvxVb761,516
2282q87xI3vFX1,512
229HPH2N89qif1,506
230AVM6Ubdunj1,500
231qazwsxedc1,489
2324xeaxR653E1,484
233200820081,484
234m2YdEgkDws1,480
2354455661,479
2365205301,478
237xh246AIGUN1,474
2385643351,473
239uIS9Zdgysn1,470
240shmily1,469
2412468101,469
24278951231,468
243RDxyD43hca1,468
244922i4Deebm1,466
2459638527411,455
246922i4Ceebk1,452
2473.14159261,452
248tianya1,448
2494444441,439
250a1231231,436
251xiaoxiao1,434
2521352461,433
253ja8yc7txs81,432
254ja8xb7txr81,422
255DsmVssQ9551,420
256BqkTqqN8441,418
257i4IfBinFyu1,416
258rui1001,410
259wang1231,409
2601234qwer1,409
261JMFxL78phe1,402
262ww1111111,397
263e65r82mnj21,392
2647Fxf3Jaa7u1,390
2655845211,388
2665Bhc2V875z1,386
267zniRpnL7441,386
2682r97xJ3xEX1,382
269e65r82mpj21,376
270x7BktntLEz1,372
271xYQ7Xcewqk1,370
2724767307511,370
273f75s83nqk31,370
274IxrHx2Xc871,366
275h87va5rtp61,362
2763366991,361
2774xebxR653D1,358
278i98xb7sxr71,356
279KytFy2xd981,354
2808x2h4Eddan1,354
281qweasd1,346
282xkhNmkI6331,344
2833tb9xM42xI1,342
2848en3dwDXPI1,338
285abc1234561,324
2865zgc2T764B1,324
287922i4Ddebm1,322
2886541231,315
289FupYuxTa661,310
2901346791,306
291xk45xDxCYR1,302
292g76u94prm41,300
2932p76xG2yHV1,296
2943651118xun1,294
295KytFy2xd971,294
296LzuDz2xe981,294
297z1234561,287
298e5FhxkqIBw1,286
2991234651,284
3002513141,283
301g86u94psn51,280
302876543211,278
303b43n6whifd1,274
3047215211,266
3054yfb2S753D1,266
306QDxzC43gba1,264
3079119111,261
3088889991,253
3092583691,253
3105Ahc2V875z1,252
311c44n6vijfc1,242
312k3ZeDhmExs1,238
3131357901,238
314a7CkuntLDy1,236
315mc9Ad9w2ux1,232
316xh248zHHTM1,232
317xfk3bxEZQJ1,224
318WIBsH56kec1,224
319a111111,223
320TFzwF44idb1,220
321wZQ8Xcfxqm1,220
322wwwwww1,218
3234vdaxP542G1,218
324pdbDfby2xx1,218
3258110091,215
3263ub9xM53xI1,212
327222222221,209
328yangyang1,208
329asdasdasd1,206
3305185181,206
331zxczxc1,203
332buzhidao1,203
333TGzvF55idb1,202
334n2XcFgjCvr1,194
3351245781,191
336aaaaaaaa1,186
337wZR8Ycfxrm1,182
338p2WcFfjCvr1,176
339h4HgAipGzu1,172
340FQI3P8arjg1,168
3411187201,166
3422323231,164
343YKDpJ67mgd1,162
344HPG2N89qif1,160
3452p76xH2xHV1,156
346abcdefg1,155
347BqkTrqN8441,154
348theIigE4x21,154
349w1234561,153
350guo1501,152
351woainima1,151
3521110001,148
353a22j5Bffci1,142
354a1111111,140
355x8AxspuMEz1,134
356majiajun1,134
357qweasdzxc1,134
3584weaxQ642E1,134
3592582581,127
360922j5Cefcj1,126
361wkgMmjH6231,122
362GvqZvxUb761,122
363ncaBeax2vx1,122
364q1w2e3r41,121
365wocaonima1,121
366vJS9Zdgyrn1,120
367f76t94prm41,110
368121212121,109
3693tb8xL42BJ1,108
370xh247AHGUM1,108
371xi345BIFVN1,106
372yXP7Wbewpk1,106
373loveyou1,104
374pebDfcz3yx1,100
375qxVbGfiBuq1,098
376qecEgdA3zx1,096
37776543211,096
378c54p7uikgb1,094
379zniQpnK7331,094
3801478523691,094
3816669991,092
382ffffff1,092
383JysGy2Yd871,090
3848x2h4Fccap1,090
3851234571,090
386BUL5Tacumi1,088
387c6DjvmsKCx1,088
388pebEfcz3yx1,088
38958452113141,088
3901201201,084
3911213141,084
392tHTaJehzsp1,084
3931191191,083
3941425361,083
395p2XcFgjCvr1,078
39633445211,077
3974wdaxP642F1,076
39852033441,076
399b43m6xhife1,074
400123456q1,073
4015841314211,072
40239xxpqwQHB1,070
4037cr2guBVMG1,070
404k3ZeChmExt1,070
4051112223331,067
4062n76xG2yIU1,066
407weiwei1,065
4085201231,062
4092q87xI3wGW1,058
410FupYuxTb661,054
4117Exe3Zaa7u1,052
412a22j5Bffcj1,052
4135Ahc2U874A1,048
414qwe1234561,048
415CrmVssQ9551,042
416123698741,042
417123456aa1,040
4188524561,037
4191.23457E+111,035
42029yxqqvPGB1,032
421zxc1231,028
422yXP7Wcewpk1,026
423pebDfcy3xx1,026
424INGxM78phf1,026
425rxVbHfiBuq1,022
426h97wa6ruq61,020
4279em3dwDYPI1,020
428g4HgzjpHzv1,018
429vjgLkiG5221,018
430UHAuG55jec1,016
431h1236987451,016
432rgdGheB4xx1,016
433FtpYuxTa651,014
4341313131,012
435CTK4Sabtmi1,010
436IwrHw2Xc871,006
437j3JeChmExt1,006
4382q87xI3wFW1,006
4393ta8xL42CJ1,006
4401473691,006
441qwer12341,005
442b6DjvmsKCx1,002
443REyxE44hca1,000
444theJigE4x2996
445xmhPnkJ633996
4461q2w3e4r5t993
44724081986990
448wanshuai198202990
449521314985
450CrmVsrQ955984
451uieJjhE5x2984
4521230982
453YKDpK67mgd978
454d6EiwkrJBx978
455BUL5Tactmi978
456forever974
457e65s83mpj2972
4587788521972
459556677971
460IwrIwxWc87970
461123456123970
4624avxmsxRID968
463521125968
464QCwzC33gb9966
465820919961
466123456987960
467aa123456957
468i4JfBinFyt948
469h87va5qtp6942
470fuckyou941
47119870111940
472nicholas939
473asd123456936
4741234566935
475kb9Ad9vxux932
476rfcGgeB3xx932
477vjfKjiG522932
4781234abcd928
479ja8yc8txsx928
4801234554321927
481x7BxtntMEz924
482worinima923
483xmhNmkI633922
4843vc9xN53xH922
485369258920
4865Ahc2U875A920
4874awxnrxRIC920
488b33k5ygheg920
489123456qq919
490258456919
491c44p7uijgb918
492QDxzD43gba916
4936Exe3Ya97v916
494DSJ4R9bskh914
4951357924680913
496NBvCA32fa9910
497520025909
4987Gxf3Ibb8s908
499110907
500922i4Deebk902

Obviously, the exact count of “unusual” passwords is up for debate, but if we take the top 500 used passwords and count passwords that were in use on the service and are classified as unusual (such passwords are visible in bold), we would have 229 instances of unusual password usage and 329,847 total unusual passwords in use.

If we count from the top 500 used passwords, 229 instances of unusual password usage would consume 45.8% of the top 500 passwords and if we count unusual passwords against all of the passwords that have been used, we could see that unusual passwords consume 4.442657278703887% of the entire user base – that means that unusual passwords have been used by approximately 329,847 people.

It is likely that these passwords were typed on keyboards that had a different layout than the “qwerty” keyboards do – in China, Pinyin is a very prevalent keyboard layout so it is likely that this layout was used. The majority of the unusual passwords consist of 10 characters and contain uppercase, lowercase letters and numbers without any special symbols – that means that it is very unlikely for them to have been generated by a password manager as the vast majority of password managers include special symbols in generated passwords unless specified otherwise.

In this case, unusual passwords are usually of 33 bits of entropy which means that they could be cracked relatively quickly – a supercomputer could crack such passwords in approximately 5 seconds and a PC with a GPU could crack such passwords in approximately 10 hours.

Summary

As the 7k7k data leak surfaced after a part of a continuous cyber attack after China’s largest programmers’ website CSDN (China Software Developer Network) suffered a data breach, this data leak might show that not all hackers choose their targets. Dubbed “the most serious Chinese user data leak in history”, this data breach should teach the affected people a lesson – users should enhance the protection of their personal account information by using password managers that allow them to choose complicated passwords and change them regularly.

Leave a Reply

Your email address will not be published. Required fields are marked *