Dávid Gábor Uzonyi
OPSEC VS Leaked Credentials: Password reuse in Large-Scale Data Leaks
Uzonyi, Dávid Gábor; Pitropakis, Nikolaos; McKeown, Sean; Politis, Ilias
Authors
Dr Nick Pitropakis N.Pitropakis@napier.ac.uk
Associate Professor
Dr Sean McKeown S.McKeown@napier.ac.uk
Lecturer
Ilias Politis
Abstract
Security and authentication are ubiquitous problems that impact all modern networked systems. Password-based authentication systems are still prevalent, and information leaked via other channels may be used to attack networked systems. Researchers have previously used email addresses as an identifier in leaked data breach information to understand password reuse and behaviours, but this has its limitations. In this work, we explore the use of passwords themselves as identifiers in linking accounts together to provide an alternative view of large-scale reuse. We filter for high entropy passwords on the Compilation of Many Breaches (COMB) data set, which contains 3.2 billion email/password combinations. Using this approach, we find that passwords are reused 13 times on average, with a username reuse rate of 66.7% (compared to 40% when considering emails mergers). We identify that potentially malicious actors are engaging in large-scale email and password generation and reuse, which also appears to be prominent on social media.
Citation
Uzonyi, D. G., Pitropakis, N., McKeown, S., & Politis, I. (2023, November). OPSEC VS Leaked Credentials: Password reuse in Large-Scale Data Leaks. Presented at 2023 IEEE 28th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Edinburgh, UK
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 2023 IEEE 28th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD) |
| Start Date | Nov 6, 2023 |
| End Date | Nov 8, 2023 |
| Acceptance Date | Oct 9, 2023 |
| Online Publication Date | Mar 27, 2024 |
| Publication Date | 2023 |
| Deposit Date | Jul 12, 2024 |
| Publicly Available Date | Jan 1, 2026 |
| Publisher | Institute of Electrical and Electronics Engineers |
| Peer Reviewed | Peer Reviewed |
| Pages | 74-79 |
| Series ISSN | 2378-4873 |
| Book Title | 2023 IEEE 28th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD) |
| ISBN | 9798350303506 |
| DOI | https://doi.org/10.1109/camad59638.2023.10478420 |
| Keywords | password reuse, user credentials, OPSEC, data leak |
| Public URL | http://researchrepository.napier.ac.uk/Output/3709442 |
Files
This file is under embargo until Jan 1, 2026 due to copyright reasons.
Contact repository@napier.ac.uk to request a copy for personal use.
You might also like
Towards The Creation Of The Future Fish Farm
(2023)
Journal Article
Using Social Media & Sentiment Analysis to Make Investment Decisions
(2022)
Journal Article
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search