Originally Posted by
seapoint
Was it only cases where usernames/passwords were the same? If not, then how can you even tell that the passwords were weak if you are following basic secure account practices (hashing passwords).
The majority of the 250 accounts had the same username and password, we know what passwords they were trying to submit from the logs. They tried passwords like "password" or "1234567890".