Feeds

Adobe users' purloined passwords were PATHETIC

'123456' used as password by nearly TWO MILLION punters

Protecting against web application threats using SSL

Adobe's security breach just got worse for the company and the world, after a security researcher revealed that 1.9 million of the company's customers us the string “123456” as their password.

The researcher in question is Jeremi Gosney of the Stricture Group, whose Twitter profile claims The Reg has in the past labelled him a “password security expert”. Gosney says he came across the purloined passwords on one of several online dumps and analysed them to see which passwords are most-used by Adobe customers.

The list makes for ugly reading. Here's the top 20.

Password Number of users
1. 123456 1911938
2. 123456789 446162
3. password 345834
4. adobe123 211659
5. 12345678 201580
6. qwerty 130832
7. 1234567 124253
8. 111111 113884
9. photoshop 83411
10. 123123 82694
11. 1234567890 76910
12. 000000 76186
13. abc123 70791
14. 1234 61453
15. adobe1 56744
16. macromedia 54651
17. azerty 48850
18. iloveyou 47142
19. aaaaaa 44281
20. 654321 43670

Gosney's posted the top 100 here.

Adobe first said three million passwords were pinched in the raid, then upped that number to 38 million and raised the prospect of 150 million people being at risk.

Whatever the number, the results make Vulture South wonder if criminals should have bothered breaking in to steal them: with 1.9 million users relying on “123456” there's a better than one in one hundred chance of unlocking an Adobe account with blind luck.

That this should be the case says a lot about Adobe's password regulations, and maybe Adobe users too. To be fair to the company it's conceivable that many of its users signed up in days of yore, before complex passwords were either necessary or fashionable.

A counter-argument is that the company should have encouraged users to adopt more secure passwords a long time ago. It's doing so now: accounts have been frozen until users reset their passwords. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.