Feeds

Adobe users' purloined passwords were PATHETIC

'123456' used as password by nearly TWO MILLION punters

Securing Web Applications Made Simple and Scalable

Adobe's security breach just got worse for the company and the world, after a security researcher revealed that 1.9 million of the company's customers us the string “123456” as their password.

The researcher in question is Jeremi Gosney of the Stricture Group, whose Twitter profile claims The Reg has in the past labelled him a “password security expert”. Gosney says he came across the purloined passwords on one of several online dumps and analysed them to see which passwords are most-used by Adobe customers.

The list makes for ugly reading. Here's the top 20.

Password Number of users
1. 123456 1911938
2. 123456789 446162
3. password 345834
4. adobe123 211659
5. 12345678 201580
6. qwerty 130832
7. 1234567 124253
8. 111111 113884
9. photoshop 83411
10. 123123 82694
11. 1234567890 76910
12. 000000 76186
13. abc123 70791
14. 1234 61453
15. adobe1 56744
16. macromedia 54651
17. azerty 48850
18. iloveyou 47142
19. aaaaaa 44281
20. 654321 43670

Gosney's posted the top 100 here.

Adobe first said three million passwords were pinched in the raid, then upped that number to 38 million and raised the prospect of 150 million people being at risk.

Whatever the number, the results make Vulture South wonder if criminals should have bothered breaking in to steal them: with 1.9 million users relying on “123456” there's a better than one in one hundred chance of unlocking an Adobe account with blind luck.

That this should be the case says a lot about Adobe's password regulations, and maybe Adobe users too. To be fair to the company it's conceivable that many of its users signed up in days of yore, before complex passwords were either necessary or fashionable.

A counter-argument is that the company should have encouraged users to adopt more secure passwords a long time ago. It's doing so now: accounts have been frozen until users reset their passwords. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.