Product Watch: Report Finds '123456' Most Popular Password

Imperva's study of 32 million passwords breached in last month's Rockyou.com hack finds consumer users still creating weak passwords

Dark Reading logo in a gray background | Dark Reading

123456 beat out 12345 and 1234567 as the most popular password among the 32 million that were breached when the Rockyou.com social network content provider's site was hacked last month, according to a new report published yesterday by Imperva.

Imperva analyzed the strength of the passwords -- which were posted by the attacker online after the hack -- and discovered that consumers still aren't taking strong-password creation to heart. Among the data Imperva released: Thirty percent of all users had passwords of six characters or less, and 60 percent had passwords selected from a limited set of alphanumeric characters.

Close to half of the passwords used names, slang terms, dictionary words, or passwords with consecutive digits or from adjacent keys, according to Imperva's report (PDF).

RockYou, a site that offers widgets for social networking developers for MySpace, Facebook, and others, was hit by a major SQL injection attack that led to the exposure of its usernames and passwords. The hacker, who goes by "igigi," demonstrated in a blog post how he was able to get data from the site's unsecured database, which stored data in the clear. He listed the passwords, but not the usernames.

According to Imperva's findings, the top passwords in the database were (in order): 123456, 12345, 123456789, Password, iloveyou, princess, rockyou, 1234567, 12345678, and abc123.

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second -- or 1000 accounts every 17 minutes," said Amichai Shulman, CTO of Imperva, in a statement. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights