X

Top domains and passwords compromised by Yahoo breach

A more complete list of the domains hit and commonly used passwords as compiled by CNET's Declan McCullagh.

Roger_Cheng.jpg
Roger_Cheng.jpg
Roger Cheng Former Executive Editor / Head of News
Roger Cheng (he/him/his) was the executive editor in charge of CNET News, managing everything from daily breaking news to in-depth investigative packages. Prior to this, he was on the telecommunications beat and wrote for Dow Jones Newswires and The Wall Street Journal for nearly a decade and got his start writing and laying out pages at a local paper in Southern California. He's a devoted Trojan alum and thinks sleep is the perfect -- if unattainable -- hobby for a parent.
Expertise Mobile, 5G, Big Tech, Social Media Credentials
  • SABEW Best in Business 2011 Award for Breaking News Coverage, Eddie Award in 2020 for 5G coverage, runner-up National Arts & Entertainment Journalism Award for culture analysis.
See full bio
Declan_McCullagh2.jpg
Declan_McCullagh2.jpg
Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
See full bio
Roger Cheng
Declan McCullagh
The breach of one of Yahoo's sites reignited concerns over the vulnerability of the favorite Web sites that we visit.

But in reality, roughly 450,000 login credentials were compromised -- a small number relative to the total users on the Internet. Yahoo said less than 5 percent of the accounts had valid passwords.

The following is a list of the top 20 e-mail domains and frequently used passwords that were hit, as compiled by CNET's Declan McCullagh:

Domains
1. Yahoo.com (137,559)
2. Gmail.com (106,873)
3. Hotmail.com (55,148)
4. Aol.com (25,521)
5. Comcast.net (8,536)
6. Msn.com (6,395)
7. Sbcglobal.net (5,193)
8. Live.com (4,313)
9. Verizon.net (3,029)
10. Bellsouth.net (2,847)
11. Cox.net (2,260)
12. Yahoo.co.in (2,133)
13. Ymail.com (2,077)
14. Hotmail.co.uk (2,028)
15. Earthlink.net (1,943)
16. Yahoo.co.uk (1,828)
17. Aim.com (1,611)
18. Charter.net (1,436)
19. Att.net (1,372)
20. Mac.com (1,146)

Passwords
1. 123456 (1,667)
2. password (780)
3. welcome (437)
4. ninja (333)
5. abc123 (250)
6. 123456789 (222)
7. 12345678 (208)
8. sunshine (205)
9. princess (202)
10. qwerty (172)
11. writer (164)
12. monkey (162)
13. freedom (161)
14. michael (160)
15. 111111 (160)
16. iloveyou (140)
17. password1 (139)
18. shadow (134)
19. baseball (133)
20. tigger (132)

Securi Labs also offers a handy tool to help you find out whether your Yahoo email was compromised.