Once again it has been proven that people don’t take password security seriously enough.
As most people have heard by now, the Gawker Media blogs were hacked this past weekend, and over 1.5 million accounts of people who have left comments were compromised. Gnosis, the hacking group that breached the servers, decrypted 188,279 of the passwords, and … it isn’t pretty. The Wall Street Journal compiled a list of the most commonly used passwords from that sample, and … yeah, some of them seem familiar if you remember when RockYou got hacked last April.
I can understand that it isn’t always easy to remember the number of passwords we have in our lives, and leaving comments on Gawker may seem like an innocuous past time, but seeing as people still seem to insist using the same password on multiple sites, this isn’t good. It still amazes us that people use passwords like “123456” and “qwerty”.
The interesting thing is that other sites have realized this hack may expand beyond Gawker and are having their users also change their passwords. LinkedIn, the professional social network, sent out e-mails on Tuesday morning requiring all of its users to change their passwords. Yahoo and Blizzard Entertainment, the company behind World of Warcraft, have also been resetting passwords in an effort to keep people’s accounts safe.
Once again the Internet never ceases to amaze me. In a full disclosure, I did search the archive of compromised accounts, and mine was listed, and the password had not been decrypted as of yet, but I have changed it already. It was also the only site I used that password on, and I can assure you that it wasn’t any of the ones you see above.
Hopefully people will take a lesson away from this event, but somehow we imagine that the next time we have a hacking story, once again these passwords will top the list.