Gawker break-in: 123456 is a popular password
While analysing the user data stolen from US blog operator Gawker, security experts from Duo Security have also cracked 400,000 of the approximately 1.3 million DES-encrypted passwords. The experts' analysis showed that "123456" was the most frequent password, being used more than 2,500 times. It was closely followed by "password", which was chosen by almost 2,200 users. "12345678" was chosen by more than 1,200 users. Next in popularity were
Simple passwords are popular in Germany. When the database of German dating portal flirtlife.de was hacked in 2006, 123456 was found to be the most popular password.
Duo Security states that most users are unlikely to care whether someone accesses their Gawker account. According to the experts, the real danger lies in attackers exploiting the likelihood that people have used the same credentials for multiple accounts and attempting to use the stolen credentials to access users' email accounts, online banking and VPN connections.
The security researchers also published an overview of the mail domains most commonly used by Gawker users. In this overview, Google's gmail.com is clearly in the lead with 170,000 users, followed by yahoo.com with about 100,000 users and hotmail.com with about 70,000 users. Aol.com also made it into the five-digit range with about 20,000 users.
The Gawker network includes the Gizmodo, Gawker, Deadspin, Kotaku, Jezebel, IO9, Jalopnik and Lifehacker blogs. Last weekend, these blogging sites' shared database, as well as other data, was found to have been stolen and published on the internet by a group called "Gnosis". Users can check whether they are among the victims of this attack on the didigetgawkered.com web site, which allows them to search the published database records for their user names and email addresses.