An interesting blog on details how the

author obtained 20,000 MySpace login combos (email/password) via somebody

else’s phisihing attempts.  He then went

on to analyze the email addresses in order to build up a profile of your

average phished user—needless to say AOL, Hotmail and Yahoo came top of the

list (although one would expect those to be the most heavily spammed domains

too).  When it came to analysing the

passwords there were of course people who entered ‘password’ and ‘abc123’ but

on the whole they weren’t too bad; a clear majority of the passwords were 6

characters or more with 65% including numbers.

Take a look at the blog
for a full analysis.