RockYou breach exposes world's most popular passwords

RockYou, one of the world's largest application developers on Facebook, was recently hacked and an investigation by security firm Imperva, which analysed the 32 million passwords exposed by the breach, revealed the world's most popular passwords. In short, it's amazing to think that people are still using trivial passwords easily cracked by hackers using automated attacks.

Imperva said that nearly 50 per cent of the 32 million passwords studied were either names, slang words, dictionary words or trivial passwords (for example consecutive digits or adjacent keyboard keys) and, believe it or not, the most common password is '123456'.

The remainder of the top 10 passwords used by RockYou subscribers include '12345', '123456789', 'Password', 'iloveyou', 'princess', 'rockyou', '1234567', '12345678' and 'abc123'. The firm said that the shortness and simplicity of these passwords make users who choose a simple string of characters "susceptible to basic forms of cyber attacks known as brute force attacks."

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second - or 1,000 accounts every 17 minutes," explained Amichai Shulman, CTO of Imperva. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."

For enterprises in particular, simple and easy-to-crack passwords can lead to serious security breaches. "Employees using the same passwords on Facebook that they use in the workplace can bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy-to-crack passwords like '123456'," added Shulman.

Author: Tim Smalley

User comments

Passwords not encrypted?

Weren't the passwords salted and hashed?

By djeyewater on 23 Jan 2010

Expert Reviews Printed from www.expertreviews.co.uk
