Analysis reveals popular Adobe passwords

Adobe logo Millions of Adobe users picked easy-to-guess passwords, suggests analysis

Related Stories

"123456" was the most popular password among the millions of Adobe users whose details were stolen during an attack on the company.

About 1.9 million people used the sequence, according to analysis of data lost in the leak.

Online copies of the data have let security researchers find out more about users' password-creating habits.

The analysis suggests that many people are making it easy for attackers by using easy-to-guess passwords.

Word games

On 4 October, Adobe reported that its systems had been penetrated by attackers who had stolen the online credentials for millions of its users.

Early reports suggested about 2.9 million records had been compromised.

Top 20 passwords

  • 123456
  • 123456789
  • password
  • adobe123
  • 12345678
  • qwerty
  • 1234567
  • 111111
  • photoshop
  • 123123
  • 1234567890
  • 000000
  • abc123
  • 1234
  • adobe1
  • macromedia
  • azerty
  • iloveyou
  • aaaaaa
  • 654321

On 30 October, this figure was revised, with Adobe saying information about 38 million active users had gone astray.

In total, information about more than 150 million accounts was stolen - but many of the other accounts were disused, abandoned or duplicates.

Adobe has now shut down all the compromised accounts, saying it will only reopen them once passwords have been changed.

Copies of the data that was exposed by the breach have begun circulating online and inspired security researcher Jeremi Gosney to go through it working out which password was most popular.

Top of the list, with 1.9 million entries, was the "123456" string of numbers. Second was the slightly longer "123456789" sequence.

Other popular easy-to-guess passwords included "adobe123", "qwerty" and "password".

Mr Gosney said the results of the analysis should be treated with caution because, so far, no-one had access to the keys that Adobe used to encrypt the data.

However, he added, flaws in the way Adobe had stored and encrypted passwords along with clues in the giant file of data had made it possible to draw up a list that he was "fairly confident" was accurate.

Computer security researchers who study password-creating habits have also seized on the data dump as a way to refine the word lists they use to attack login systems in a bid to make them more secure.

Lists of passwords and email addresses are a boon to attackers not just because they can be used to get access to the systems they were supposed to secure. Many people re-use the same password for different services potentially giving attackers a way into other networks.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.