Gathering-weak-npm-credentials.md
1 addition & 1 deletion
@@ -52,7 +52,7 @@ Taking dependencies into an account, to my estimations about 52% of the ecosyste
52
52
* One of those 4 users from the top-20 list set their password back to the leaked one shortly after it was reset (so it got reset again).
53
53
* At least one password was significantly inappropriate — to the extent that one wouldn't want that to be linked to them online and could be publicly blamed in that case (i.e. not just a swearword). [Don't use offensive passwords](https://medium.com/@malcomvetter/offensive-passwords-451371ccd02e) — those could (and in this case were) leaked to the public in cleartext.
***10% of users reused their leaked passwords**: 9.4% — directly, and 0.6% — with very minor modifications.
55
+
***10% of users reused their leaked passwords**: 9.7% — directly, and 0.6% — with very minor modifications.
56
56
* Total downloads/month of the unique packages which I got myself publish access to was 1 946 302 172, that's **20% of the total number of d/m** directly.
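Review bot: On the changed bullet, the two components no longer add up to the bold headline exactly: 9.7% direct plus 0.6% with minor modifications gives 10.3%, where the previous 9.4% plus 0.6% gave 10.0%. If 9.7% is the corrected figure, please confirm that the 0.6% share was derived from the same user count and does not need the same correction, and consider wording the headline as a rounded value (for example "about 10%") so readers do not take the parts as an exact breakdown. It would also help to state, in the commit message or next to the bullet, which count the correction comes from, since the visible lines give only percentages and no underlying numbers to check them against.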