Thursday, July 12, 2012

Yahoo breach: Swiped passwords by the numbers

f there's one thing to learn from the recent security breach at Yahoo, it's that we need to be more creative with our passwords.

Hackers yesterday exposed more than 450,000 login credentials, which appeared to be gleaned from Yahoo. The hackers said they hoped this would be taken as a wake-up call to the parties responsible for the security of the hacked site, but individuals should also see this as a warning to strengthen their own personal passwords.
CNET's Declan McCullagh wrote a program to analyze the most frequently used passwords and e-mail domains that surfaced in the breach. The following tidbits are culled from his effort:
• 2,295: The number of times a sequential list of numbers was used, with "123456" by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.
• 160: The number of times "111111" is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative "000000" is used 71 times.
• 780: The number of times "password" was used as the password. Apparently, absolutely no thought went into security in these instances.
• 233: The number of times "password" was used in conjunction with a few numbers behind it. Apparently, the barest minimum of thoughts went into security here.
• 437: The number of times "welcome" is used. With a password like that, you're just asking to be hacked.
• 333: The number of times "ninja" is used. Pirates, unfortunately, didn't make the list.
• 137,559: The number of Yahoo credentials that were leaked.
• 106,873: The number of Gmail credentials that were leaked. Hotmail, which was the next most frequently cited e-mail service, had fewer than half the number of users hit.
• 161: The number of times "freedom" is used, suggesting a lot of patriotic users. "America" was used 68 times.
• 161: The number of times the f-word is used in some combination. There are a lot of angry people out there.
• 133: The number of times "baseball" appears as a password. It's the most popular sport on the list, proving that it is indeed America's national pastime. It just may not be the best password.
• 106: The number of times "superman" is used as a password. That's nearly double the amount of times "batman" is used and triple the frequency of "spiderman."
• 52: The number of times "starwars" is used. The force is not with this password.
• 32: The number of times "lakers" appears. It tied with "maverick," although fortunately "the_heat" or "celtics" weren't on this list.
• 56: The number of times "winner" is used.
• 27: The number of times "ncc1701" is used as a password. For those of you who aren't trekkies, that's the designation code for the Starship Enterprise. "startrek" is used 17 times, while "ncc1701a," the designation for the Enterprise used in later Star Trek movies, is used 15 times.
Chances are, if you're a trekkie or comic book fan, you should probably change up your password.

No comments:

Post a Comment