The 13 Most Common Gawker Passwords Exposed

The Huffington Post   First Posted: 12/14/10 03:45 PM ET Updated: 05/25/11 07:20 PM ET

On Sunday, hackers exposed usernames and passwords stored in the Gawker Media user database.

The Wall Street Journal analyzed the leaked data and produced a list of the 50 most commonly used Gawker passwords. Believe it or not, the list is rife with security no-nos, such as ascending numbers and easy-to-guess words.

The following are the 13 most popular passwords, according to WSJ's examination of the 188,279 passwords that were leaked:

  1. 123456

  2. password

  3. 12345678

  4. lifehack

  5. qwerty

  6. abc123

  7. 111111

  8. monkey

  9. consumer

  10. 12345

  11. 0

  12. letmein

  13. trustno1

It is startling to note that over 3,000 users chose "123456" as their login password, according to the Journal. Almost as jarring: Nearly 2,000 people went with "password," and more than 1,000 users decided that "12345678" was a secure choice. The list also includes "gizmodo" (#19), "starwars" (#23), "f---you" (#31), "gawker" (#40) and "internet" (#50).
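The patterns in this list (ascending numbers, repeated digits, keyboard rows, and words taken from the site's own names) can be screened for when a password is chosen. The sketch below is an added example, not part of the original article or the Journal's analysis; the minimum length and the choice of context words are assumptions.

```python
# Passwords quoted in the article (the censored #31 entry is omitted).
ARTICLE_PASSWORDS = {
    "123456", "password", "12345678", "lifehack", "qwerty", "abc123",
    "111111", "monkey", "consumer", "12345", "0", "letmein", "trustno1",
    "gizmodo", "starwars", "gawker", "internet",
}
# Assumption: words tied to the service itself; a real deployment supplies its own.
CONTEXT_WORDS = ("gawker", "gizmodo", "lifehack")
MIN_LENGTH = 8  # assumption, not a figure from the article
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_sequence(s):
    """True if each character is exactly one above (or below) the previous."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def is_keyboard_walk(s):
    """True if s is a run of 4+ adjacent keys along one keyboard row."""
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def check_password(candidate, context_words=CONTEXT_WORDS):
    """Return the reasons a candidate is rejected (empty list = accepted)."""
    p = candidate.lower()
    reasons = []
    if len(p) < MIN_LENGTH:
        reasons.append("too short")
    if p in ARTICLE_PASSWORDS:
        reasons.append("on common-password list")
    if len(set(p)) == 1:
        reasons.append("single repeated character")
    if is_sequence(p):
        reasons.append("ascending or descending run")
    if is_keyboard_walk(p):
        reasons.append("keyboard row walk")
    if any(word in p for word in context_words):
        reasons.append("contains site name")
    return reasons


if __name__ == "__main__":
    # Constructed candidates: two from the list, two near-misses, one passphrase.
    for pw in ("123456", "1234567", "Gizmodo2010", "trustno1", "plum-canyon-trombone-41"):
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

An exact-match list alone would accept "1234567" and "Gizmodo2010"; the pattern and context-word rules are what reject them.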

The hack has been affecting other websites: Twitter was hit by a spam attack that is believed to be linked to the Gawker hack. According to All Things D, "LinkedIn has temporarily disabled the accounts of any users whose email addresses turned up in the public database of hacked accounts. It's asking those users to reset their passwords." Given the simplicity of some of the most popular passwords, let's hope that nobody recycled these passwords for email or online bank accounts.

Visit the Journal to view the complete list of passwords, as well as interesting patterns in the leaked data. To see if your Gawker account was exposed in Sunday's hack, visit Slate and enter your email address into their Gawker widget.

Comments (375)
JBS
Part time misanthrope & full time curmudgeon
04:41 PM on 12/26/2010
My email address shows up on the Slate site as compromised. I do not have and never have had a Gawker account.

Apparently, Gawker does not verify email addresses when registering users. My email address has been associated with username: AloysisGadison.

My name is not AloysisGadison. My name has never been AloysisGadison. Neither AloysisGadison, nor Gawker has my permission to use my email address.

As a result of Gawker's mismanagement, I have had to change passwords on over a hundred online user accounts.

I have two questions:

1. Is there any way to obtain the information that was released by the hackers regarding my own email address without having to download the whole torrent? All of the sites I have found so far simply tell me my email address is compromised. I want to know the exact information that has been published associated with my email address.

2. What action can I take to seek redress from Gawker for the inconvenience forced upon me by their failure to verify the legitimacy of the email address they accepted from username: AloysisGadison?
07:32 PM on 12/17/2010
You can easily check your username or email address using
http://www.proto6.com/gawkcheck.php.

If you are paranoid you can even send them an MD5 hash of your email address.
05:03 PM on 12/16/2010
It seems that major breaches like this are becoming quite common.
What does that say about the security thinking among people operating
the compromised system, and about the security thinking among end users?

If you operate a major web site, a big security compromise like this can
kill your business. Not investing enough time, money and infrastructure
in security means putting your organization at risk of major harm, because
of bad press, lost end users, lost advertisers, etc. This is a big deal.

If you are a user whose password has been compromised, I guess it depends
on how many other systems you sign into with the same ID/password and
whether you care about compromise of any/every account that uses the
same credentials. At a minimum, once you learn about a compromise like
this, you should change your "standard, used for systems I don't care
much about" password everywhere.

In either case, you can learn about effective password management
practices: for organizations (http://bit.ly/dPhpkx) and for end users (http://bit.ly/fewec9)

- Idan Shoham, CTO, Hitachi ID Systems
bnyb
sky-gazer
03:45 PM on 12/16/2010
OK so hackers are really sitting around on their computers trying to guess your password? Surely they have more sophisticated ways to crack through, regardless of the strength of your password?
07:10 PM on 12/16/2010
Hi! This is Aaron in IT. We just need to run a maintenance script on your account - can you tell us your password so we can set you up?
JBS
Part time misanthrope & full time curmudgeon
04:43 PM on 12/26/2010
Apparently they didn't need to crack the passwords. They simply downloaded the entire database including usernames, email addresses and passwords as plain text.
JCurley
Suddenly it makes sense! Nothing makes sense.
02:39 PM on 12/16/2010
Hilarious!
07:53 AM on 12/16/2010
What would really suck is if you are on a vacation and used a common password for all the services. And of course Gawker blew your lid.
07:42 AM on 12/16/2010
5tUp!d p30pL3 deserve to get h4qu3d!
waldopepper
I'd tell you all about me if you were my friend.
03:40 AM on 12/16/2010
My advice is as follows, use everything you can. Letters, symbols, case sensitivity and numbers. For example I often include the following symbol. ^

Then I capitalize all the vowels in the nonsensical word I use. Something like codac. Then I add a number at the end, 95. (For example.) So in the end you end up with ^cOdAc95

Then I change it every month. With a code that represents the month itself. For December it might be C12. So the final password is ^cOdAc95C12
November is B11
October is A10
September is 09
August 08

I'm sure you get the idea by now.

You would be surprised how easy it is to remember a password when you make a rule(s) to govern their creation. To recap, mine is: add a symbol, capitalize the vowels (or the consonants). Add a number. Make an additional rule to change it each month.

No reason to make it easy for hackers, or hard for yourself.
jamsie
Religion has no place in civic discourse
02:43 AM on 12/16/2010
A friend of mine got me this program that generates random passwords up to 21 characters in length, of any combination of upper and lower case letters, numbers and symbols. I can't see anyone hacking some of the passwords I use now. The only drawback is remembering the darn things. I stopped using the "remember password" function in my browser when I read that it can be hacked, so I have to write them down somewhere. Since I change them every month or so, getting familiar with them so that you remember is not on. So I keep an index card in my safe with my current passwords. I work from home, so I don't have to worry about anyone seeing the list. It's a pain in the butt, but I think it's well worth the trouble. I just wish there was an easier way.

HuffPost member "maatpublish" below has a neat idea of using ancient Egyptian words. Maybe I will start using Irish Gaelic words spelled backwards.
02:29 AM on 12/16/2010
Good study! Now people should rethink when they choose a password with other sites. http://www.redchillimedia.com
07:12 PM on 12/16/2010
I would rather cut my hand off than use a web "designer" I found via huffpost spam.. just an idea.
editor
My Two "Sense"
02:17 AM on 12/16/2010
12345...? Jeez; talk about lack of imagination.....
Mannock
Just flew in from Chicago and my arms are tired.
01:03 AM on 12/16/2010
Where's swordfish?
GrantS
I'm liberal through and through.
12:41 AM on 12/16/2010
My account got hacked and I had the password aqswdefrgt

I was seriously surprised to get hacked. I now use numbers, letters and symbols and have increased the length.
bigmovieman
Apparently my microbio did not meet the guidelines
12:40 AM on 12/16/2010
so... 1234567 is safe?
HarmNone
Censorship: Reaction of the ignorant to freedom
12:32 AM on 12/16/2010
Have to admit I did use #13, but was typed a little differently. Previously had to have different passwords every 6 weeks and that's a lot of passwords to keep track of, so doing phrases and substituting numbers for certain letters was the only way I had to keep my sanity logging on every day.