In association with heise online

15 December 2010, 15:31

Gawker break-in: 123456 is a popular password

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

While analysing the user data stolen from US blog operator Gawker, security experts from Duo Security have also cracked 400,000 of the approximately 1.3 million DES-encrypted passwords. The experts' analysis showed that 123456 was the most frequent password, being used more than 2,500 times. It was closely followed by password, which was chosen by almost 2,200 users. 12345678 was chosen by more than 1,200 users. Next in popularity were qwerty, abc123, 12345, monkey, 111111, consumer, letmein and 1234.

Simple passwords are popular in Germany. When the database of German dating portal was hacked in 2006, 123456 was found to be the most popular password.

Duo Security states that most users are unlikely to care whether someone accesses their Gawker account. According to the experts, the real danger lies in attackers exploiting the likelihood that people have used the same credentials for multiple accounts and attempting to use the stolen credentials to access users' email accounts, online banking and VPN connections.

The security researchers also published an overview of the mail domains most commonly used by Gawker users. In this overview, Google's is clearly in the lead with 170,000 users, followed by with about 100,000 users and with about 70,000 users. also made it into the five-digit range with about 20.000 users.

The Gawker network includes the Gizmodo, Gawker, Deadspin, Kotaku, Jezebel, IO9, Jalopnik and Lifehacker blogs. Last weekend, these blogging sites' shared database, as well as other data, was found to have been stolen and published on the internet by a group called "Gnosis". Users can check whether they are among the victims of this attack on the web site, which allows them to search the published database records for their user names and email addresses.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit