Adobe hack: '123456' tops list of most-used passwords

"123456" tops the list of most frequently used passwords, according to researchers analysing the data dump pulled from Adobe's servers by hackers.

The recent breach of Adobe customer data on 4 October was one of the most serious in history, and its true gravity has steadily become known. Adobe has since scrambled to recoup some of its losses.

Early reports disclosed that 3 million Adobe customers had lost encrypted credit card details to the hackers, opening up a massive potential for identity fraud. One security expert described the loss of data as Adobe losing "its crown jewels".

On top of that, as many as 38 million active accounts may have been compromised, and a whopping 150 million usernames and passwords have apparently been compromised and started circulating online for criminals and fraudsters to get their hands on.

The good news, if any news could be described as good in this situation, is that security researchers have been allowed a fascinating glimpse into the common password habits of the average Internet user. Such information is usually pretty hard to come by due to data protection, and Adobe's catastrophic leak of customer information has ironically provided something of a boon for the security industry in this regard.

Security researcher Jeremi Gosney conducted a study on the massive dataset, assessing which passwords were most frequently used by Adobe users.

According to the research, "123456" came out as the most popular password, with 1.9 million instances, representing 1.26 per cent of all users. This was closely followed by "123456789", "password" and "adobe123".

"1234567890", "1234567", "1234", "123123", and "abc123" were strong contenders too, all featuring in the top 20 passwords used.

Slightly more surprising are "qwerty" and "azerty" (the latter being the first six letters on keyboards used in France and Belgium), as well as the touching "iloveyou".

Security researchers and white-hat hackers who conduct penetration tests on systems are already using the data dump to refine their word lists used in so-called "brute force" attacks. No doubt their black-hat counterparts in the criminal underworld will be doing the same, so companies and users should take the research as a dire and serious warning.

In August, Google revealed the most common passwords used, finding that in a sixth of cases, users were using their pets' names.

For now, if users think they might have been affected by the Adobe breach, they can check if their log-in was stolen with a free tool designed by @hilare_belloc.