Over 23 million breached accounts were using ‘123456’ as password

Pierluigi Paganini April 29, 2019

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password.

Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP).

Have I Been Pwned allows users to search across multiple data breaches to see if their email address has been compromised.

The NCSC discovered that 23.2 million user accounts worldwide were using ‘123456’ as password, while 7.7 million users were using ‘123456789’.

This data is disconcerting and shows that we are far from to be secure even if security experts continue to warn users of cyber risks associated with the use of weak passwords.

Of course. the list of most-hacked passwords also includes other simple items like ‘qwerty’, ‘password’ and ‘1111111,’ in top five, a gift for the hackers.

The list of top breached passwords includes names, musicians, football team names, and fictional characters.

“The NCSC has also today published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches.” reads the post published by the NCSC.

“The results show a huge number of regularly used passwordsbreached to access sensitive information.”

top breached passwords

Data reported by NCSC are aligned with findings from other similar studies conducted by security firm. In December, SplashData published for the 8th year in a row the worst passwords list, the annual report based on the analysis of more than 5 million leaked passwords. Below the 2018 top 10 most used passwords published by SplashData:

  1. 123456
  2. password 
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567 
  8. sunshine
  9. qwerty
  10. iloveyou

Experts suggest the adoption of strong passwords and the usage of a unique password for every service they access. Passwords should contain at least 8 characters, upper and lower case letters, numbers, and symbols (i.e. %$#!.). Another good practice is the set up of multi-factor authentication wherever possible.

Below the key findings emerged from the survey:

  • Only 15% say they know a great deal about how to protect themselves from harmful activity
  • The most regular concern is money being stolen – with 42% feeling it likely to happen by 2021
  • 89% use the internet to make online purchases – with 39% on a weekly basis 
  • One in three rely to some extent on friends and family for help on cyber security
  • Young people more likely to be privacy conscious and careful of what details they share online
  • 61% of internet users check social media daily, but 21% report they never look at social media
  • 70% always use PINs and passwords for smart phones and tablets
  • Less than half do not always use a strong, separate password for their main email account

“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable.” said Dr Ian Levy, NCSC Technical Director.

“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with somethisng that can be guessed, like their first name, local football team or favourite band.”

“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Top breached passwords, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment