
Yahoo breach: Swiped passwords by the numbers

CNET breaks down the most commonly used passwords, from 123456 to startrek, exposed in the recent Yahoo hacking.

Roger Cheng
Declan McCullagh

If there's one thing to learn from the recent security breach at Yahoo, it's that we need to be more creative with our passwords.

Hackers yesterday exposed more than 450,000 login credentials, which appeared to be gleaned from Yahoo. The hackers said they hoped this would be taken as a wake-up call to the parties responsible for the security of the hacked site, but individuals should also see this as a warning to strengthen their own personal passwords.

CNET's Declan McCullagh wrote a program to analyze the most frequently used passwords and e-mail domains that surfaced in the breach. The following tidbits are culled from his effort:

• 2,295: The number of times a sequential list of numbers was used, with "123456" by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.

• 160: The number of times "111111" is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative "000000" is used 71 times.

• 780: The number of times "password" was used as the password. Apparently, absolutely no thought went into security in these instances.

• 233: The number of times "password" was used in conjunction with a few numbers behind it. Apparently, the barest minimum of thoughts went into security here.

• 437: The number of times "welcome" is used. With a password like that, you're just asking to be hacked.

• 333: The number of times "ninja" is used. Pirates, unfortunately, didn't make the list.

• 137,559: The number of Yahoo credentials that were leaked.

• 106,873: The number of Gmail credentials that were leaked. Hotmail, which was the next most frequently cited e-mail service, had fewer than half the number of users hit.

• 161: The number of times "freedom" is used, suggesting a lot of patriotic users. "America" was used 68 times.

• 161: The number of times the f-word is used in some combination. There are a lot of angry people out there.

• 133: The number of times "baseball" appears as a password. It's the most popular sport on the list, proving that it is indeed America's national pastime. It just may not be the best password.

• 106: The number of times "superman" is used as a password. That's nearly double the number of times "batman" is used and triple the frequency of "spiderman."

• 52: The number of times "starwars" is used. The force is not with this password.

• 32: The number of times "lakers" appears. It tied with "maverick," although fortunately "the_heat" or "celtics" weren't on this list.

• 56: The number of times "winner" is used.

• 27: The number of times "ncc1701" is used as a password. For those of you who aren't trekkies, that's the designation code for the Starship Enterprise. "startrek" is used 17 times, while "ncc1701a," the designation for the Enterprise used in later Star Trek movies, is used 15 times.

Chances are, if you're a trekkie or comic book fan, you should probably change up your password.
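The kind of tally described above can be sketched as follows. This is an added example, not McCullagh's program; the "email:password" line layout, the sample entries and the pattern labels are assumptions constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample in an assumed "email:password" layout; not data from the breach.
SAMPLE = """\
alice@yahoo.com:123456
bob@gmail.com:password
carol@yahoo.com:password12
dave@hotmail.com:654321
erin@gmail.com:111111
grace@yahoo.com:123456
heidi@example.org:a:b-Long-Phrase
malformed line without separator
"""
ASCENDING = "01234567890"  # covers runs such as 123456 and 1234567890

def classify(pw):
    """Label a password with one of the weak patterns the article tallies."""
    low = pw.lower()
    if low == "password":
        return "password"
    if re.fullmatch(r"password\d+", low):
        return "password+digits"
    if pw.isdigit() and len(pw) >= 4:
        if len(set(pw)) == 1:
            return "repeated-digit"
        if pw in ASCENDING:
            return "sequential"
        if pw[::-1] in ASCENDING:
            return "reversed-sequential"
    return "other"

def analyze(text):
    """Return (password counts, pattern counts, e-mail domain counts, skipped lines)."""
    passwords, patterns, domains = Counter(), Counter(), Counter()
    skipped = 0
    for line in text.splitlines():
        # Split on the first colon only: passwords may themselves contain ':'.
        email, sep, pw = line.strip().partition(":")
        user, at, domain = email.rpartition("@")
        if not (sep and at and user and domain and pw):
            skipped += 1  # malformed entry: count it rather than guess at its fields
            continue
        passwords[pw] += 1
        patterns[classify(pw)] += 1
        domains[domain.lower()] += 1
    return passwords, patterns, domains, skipped

if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

The same `classify` function can serve as a reject list at password-change time, so that the patterns counted above never get set in the first place.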