Product Watch: Report Finds '123456' Most Popular Password
Imperva's study of 32 million passwords breached in last month's Rockyou.com hack finds consumer users still creating weak passwords
January 22, 2010
123456 beat out 12345 and 1234567 as the most popular password among the 32 million that were breached when the Rockyou.com social network content provider's site was hacked last month, according to a new report published yesterday by Imperva.
Imperva analyzed the strength of the passwords -- which were posted by the attacker online after the hack -- and discovered that consumers still aren't taking strong-password creation to heart. Among the data Imperva released: Thirty percent of all users had passwords of six characters or less, and 60 percent had passwords selected from a limited set of alphanumeric characters.
Close to half of the passwords were names, slang terms, dictionary words, or strings built from consecutive digits or adjacent keyboard keys, according to Imperva's report (PDF).
RockYou, a site that offers widgets for social networking developers for MySpace, Facebook, and others, was hit by a major SQL injection attack that led to the exposure of its usernames and passwords. The hacker, who goes by "igigi," demonstrated in a blog post how he was able to get data from the site's unsecured database, which stored data in the clear. He listed the passwords, but not the usernames.
According to Imperva's findings, the top passwords in the database were (in order): 123456, 12345, 123456789, Password, iloveyou, princess, rockyou, 1234567, 12345678, and abc123.
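The weakness categories reported above can be turned into a sign-up-time screening check. The following is an added example, not code from Imperva's report or from RockYou: the function name, the `wordlist` parameter, the US QWERTY rows, and the reading of "limited set of alphanumeric characters" as "ASCII letters and digits only" are all assumptions.

```python
import string

# Top ten passwords as listed in the article, lowercased for comparison.
TOP_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou",
                 "princess", "rockyou", "1234567", "12345678", "abc123"}
MIN_LENGTH = 7  # the article flags passwords of six characters or less
DIGIT_RUNS = ["0123456789", "1234567890"]
# Assumption: US QWERTY letter rows; the article names no keyboard layout.
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _is_run(pw, sequences):
    """True if pw (3+ chars) is a contiguous slice of a sequence, either direction."""
    return len(pw) >= 3 and any(pw in s or pw in s[::-1] for s in sequences)


def weaknesses(password, wordlist=frozenset()):
    """Return the weakness categories from the article that apply to password.

    wordlist is a caller-supplied set of lowercase names, slang and
    dictionary words (hypothetical parameter, not from the article).
    """
    pw = password.lower()
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too_short")
    if pw in TOP_PASSWORDS:
        found.append("top_breached")
    # Assumed reading of "limited set of alphanumeric characters":
    # nothing but ASCII letters and digits.
    if password.isascii() and password.isalnum():
        found.append("limited_charset")
    if pw.isdigit() and _is_run(pw, DIGIT_RUNS):
        found.append("consecutive_digits")
    if _is_run(pw, KEY_ROWS):
        found.append("adjacent_keys")
    # Treat a word followed by digits ("princess1") as the word itself.
    base = pw.rstrip(string.digits)
    if base and base in wordlist:
        found.append("dictionary_word")
    return found


if __name__ == "__main__":
    sample_words = {"princess", "rockyou"}  # constructed sample wordlist
    for candidate in ["123456", "qwertyui", "Princess", "correct-Horse-7-battery"]:
        print(candidate, weaknesses(candidate, sample_words))
```

An empty result means only that none of these specific categories matched; it is not a measure of password strength.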
"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second -- or 1000 accounts every 17 minutes," said Amichai Shulman, CTO of Imperva, in a statement. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism."