Over 23 million accounts breached


Tomas Foltyn, security writer at ESET, highlights that the notorious six-digit string continues to ‘reign supreme’ among the most-hacked passwords.

An analysis of the 100,000 most-commonly re-occurring breached passwords confirms that ‘123456’ is the undisputed king of atrocious passwords.

Using data from Have I Been Pwned (HIBP), a website that allows users to check if their email addresses or passwords have appeared in a known data breach, the United Kingdom’s National Cyber Security Centre (NCSC) has found that 23.2 million user accounts worldwide were “secured” with ‘123456’. Its close, and similarly poor, relative, ‘123456789’, was used 7.7 million times, leaving the door just as wide open for cybercriminals. Other stalwarts among the most common passwords – ‘qwerty’, ‘password’ and ‘1111111’ – rounded out the top five.

And perhaps just as unsurprisingly, many of the most-hacked passwords were made up of names, soccer teams, musicians, and fictional characters. Some of the most popular choices each appeared in hundreds of thousands of passwords.

Source: NCSC

The NCSC made available the entire list of the 100,000 most commonly re-occurring passwords for breached user accounts. Overall, the NCSC’s findings may well bring echoes of other analyses of the most commonly re-occurring passwords. As we also reported late in 2018 and 12 months earlier, studies conducted annually by password security company SplashData produced very similar results.

At any rate, if any of your passwords appears on the NCSC’s list, you would be very well advised to change it post-haste, and perhaps use some of our guidance for picking passwords or passphrases that are both strong and unique. You can also use our how-to guide to check on HIBP if any of your online accounts may have been the victim of a known breach.
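For anyone who runs a sign-up or password-reset form, the same two checks can be automated. The sketch below is an added example, not code from the NCSC, HIBP or ESET: it screens a candidate password against a local common-password list and against a breach-count lookup in the `SUFFIX:COUNT` format of HIBP's Pwned Passwords range search, where only the first five characters of the SHA-1 hash are sent. The function names, the five-entry list and the response body are constructed for illustration, and the network call itself is left out so the example runs offline.

```python
import hashlib

# Constructed stand-in for a one-password-per-line list such as the NCSC's.
SAMPLE_DENY_LIST = "123456\n123456789\nqwerty\npassword\n1111111\n"

def load_deny_list(text):
    """Parse the list into a set; lowercasing is a policy choice made here."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_query_prefix(password):
    """The only value a range lookup sends: the first 5 hex chars of the hash."""
    return sha1_hex(password)[:5]

def breach_count(password, range_response):
    """Find the remaining 35 hex chars in a 'SUFFIX:COUNT' response body."""
    suffix = sha1_hex(password)[5:]
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def screen_password(password, deny_list, range_response=""):
    """Return (accepted, reason) for a password chosen at sign-up or reset."""
    if password.lower() in deny_list:
        return False, "on common-password list"
    seen = breach_count(password, range_response)
    if seen:
        return False, f"seen {seen} times in breaches"
    return True, "ok"

def constructed_range_response(password, count):
    """Constructed sample body: two decoy suffixes plus the one for `password`."""
    return "\n".join(["0" * 35 + ":3", f"{sha1_hex(password)[5:]}:{count}", "F" * 35 + ":1"])

if __name__ == "__main__":
    deny = load_deny_list(SAMPLE_DENY_LIST)
    body = constructed_range_response("letmein2019", 42)  # constructed count
    print(range_query_prefix("123456"), screen_password("123456", deny))
    print(screen_password("letmein2019", deny, body))
    print(screen_password("letmein2019", deny))  # no breach data supplied
```

In production each candidate needs its own range lookup keyed on its own five-character prefix; the full password and full hash never leave the server.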

Setting up multi-factor authentication wherever possible will add an extra layer of security in exchange for very little effort.

Alongside the password risk list, the NCSC also published the results of its first ‘UK Cyber Survey’, which sought to find more about people’s awareness of, and attitudes towards, cybersecurity.

The survey, which gathered input from more than 2,500 people in the UK between November 2018 and January of this year, found that only 15% say they know “a great deal” about how to protect themselves from harmful cyber-activity. Most (68%) said that they know “a fair amount”.

More than two-thirds of the respondents believe that they will likely fall victim to at least one type of cybercrime over the next two years. The most prevalent concern was money being stolen, as 42% fear that this is likely to happen by 2021.

In order to learn more about the concerns of the US public about cybercrime, you may want to read our recent blog post about the ESET Cybersecurity Barometer. We have also published a parallel report for Canada.

