Need to Break a Password? Try 123456.
Posted by hyperguard on January 27, 2010
A few weeks ago we posted about how RockYou, a provider of third-party apps for Facebook, MySpace and other social-networking sites has had major problems with SQL injections in web application security. After experiencing a data breach that exposed 32 million users’ e-mails and passwords, RockYou has now analyzed the passwords that were hacked. The result? The most common password on the site was 123456.
The research also showed that 290,731 individuals used 123456 as their password. 12345 was the second most common password, used by 79,078 individuals and the third most popular password, was 123456789 used by more than 76,790 people. 30 percent of users selected a password that was six characters or less and nearly half selected names, slang words, dictionary words or consecutive digits for their password.
The breach occurred because the user’s information had been stored in plain text and was vulnerable through a SQL security hole. While using a dWAF could have prevented this hack, users should have also been using more secure passwords.
As RockYou continues to review its security procedures and implement new practices, they will need to enforce a strong password policy since most users are choosing weak passwords on their own.
To read more about RockYou’s analysis of user’s passwords, check out this SC Magazine article.
Follow this discussion on Twitter @hyperguard