With password compromises clearly on the rise, webmail services such as Hotmail, Gmail, and Yahoo Mail say that the most probable cause of the data breach affecting their sites is 'phishing' by hackers.
However, Mary Landesman, senior security researcher at security firm ScanSafe, has theorized that the password breaches result from a data-stealing Trojan horse, and not from phishing alone. Noting that password-stealing malware on computers is responsible for password compromises, Landesman pointed out errors in the list of Hotmail passwords, which she said seemingly resulted from improper extraction or merging of data.
Landesman said that, going by the analysis of the leaked passwords, another reason behind the password hacking could be the repeated appearance of usernames with the same password, differing only by a slight variation in spelling.
Writing on the Acunetix blog, security researcher Bogdan Calin conducted a statistical analysis of over 10,000 Windows Live Hotmail passwords and highlighted the password habits of webmail users.
Saying that a lot of users choose 'weak' and 'common' passwords, Calin found that '123456' was the most common password, followed by '123456789'.
Commenting on the findings by researchers, a Google spokesman said: "Passwords can be compromised in multiple ways, so it's a good idea to take several steps to help protect your personal information. Select unique passwords, and use antivirus software to help detect software that may try to steal your password."











