Top Ten Hacked Passwords Out Of 64 Million

Image to represent being hacked

Creative Commons image from techno llama

In this article we will go through 64 million ancient passwords and examine the most insecure passwords. When we say ancient passwords we mean passwords leaked from  2008 or earlier through 2010. This is our first article examining the 64 million ancient passwords and don’t worry, we will write an article examining  passwords from 2011 through 2013 in the near future. Some of the ancient passwords are from sites that were hacked like rockyou, faithwriters, etc.  While 64 million leaked passwords isn’t a lot, it is enough for the purpose of this analysis. It is worth noting that all of these passwords are in plain-text, meaning anyone can read them.

  1. the number one password was 123, which was used 77,838 times out of 64 million passwords. People used 123 with other characters 631,123 times and when I say with other characters, I mean with a password like password123 or any other combination of characters that contained 123. Please do not use password123 as your password, unless you want to be hacked.
  2. The second most popular password  is 000 which was used 63,087 times and was used with other characters 162,083 times.
  3. The name Ryan was used 43,000 times with other characters. Other common names like Daniel were used 36,175 times with other characters.
  4. 3 asterisks were used as a password  12,003 times.
    The password abc was used 8,655 times.
  5. The word sex was used as a password 6,004 times, and 177,803 times with other characters.
  6. password was used 5,093 times as a password, yet people used  it with other characters over 7,000 times.
  7. 123456 was used 4,722 times as a password and 44,456 times within a password.
  8. The word god was used as a password 3,567 times and 76,736 times with other characters.
  9. Ninja was used as a password 1326 times and in conjunction with other characters 5908 times.
  10. the word link was used as a password 2,084 times and with other characters 45,667 times.
    Update: Dan Goodin, a reporter for ArsTechnica reported some very strong passwords being cracked from leaks after 2010. We checked  the 64 million passwords that we have for the ones that Dan reported, yet none of them were used in the password set that we are currently using.  We hope to find longer passwords when we examine the leaks from 2011-2013.

    What can we learn from these ancient passwords? A lot. We’ve learned that people like short passwords, despite how insecure they are. We urge you not to use a short password. You need to use a complex password with uppercase characters, numbers, and symbols. Avoiding dictionary words is something you should always try to do along with your birthdate. Don’t use your username as your password even if it isn’t a dictionary word. There are simple things you can do to make your password more secure.   The word link might be popular due to the video game character named Link or it may be due to hacked linkedin passwords that no one ever heard about.  The Linkedin hack of 6 million leaked passwords happened in 2012, so it isn’t in this article.A lot of sites are so insecure that using a password to hack an account is a last ditch resort. Still, a lot of people steal passwords and won’t think twice before their bot hacks your account.

  11. Let us know what you think of these ancient leaked passwords in the comments! We like to hear your feedback whether it is positive or negative.

Planet Zuda, LLC is an internet security consulting company that provides companies large and small with their web application security.

Posted in security
css.php
terms of use | privacy policy