123456: Millions of Adobe hack victims used horrible passwords

Millions of people use utterly atrocious passwords.

The hacking of Adobe that compromised tens of millions of accounts is no joke, but at least we can enjoy a little dark humor over users' predictably awful passwords.

The passwords were posted by Jeremi Gosney of Scricture Group, and reported by The Register.

Gosney noted that the list can't be verified in the absence of Adobe's encryption keys. But he said that with Adobe "choosing symmetric key encryption over hashing, selecting ECB mode, and using the same key for every password, combined with a large number of known plaintexts and the generosity of users who flat-out gave us their password in their password hint," he's fairly confident in the list.

Here are the 20 most common passwords, followed by the number of Adobe users who used that password:

  • 1. 123456 - 1,911,938
  • 2. 123456789 - 446,162
  • 3. password - 345,834
  • 4. adobe123 - 211,659
  • 5. 12345678 - 201,580
  • 6. qwerty - 130,832
  • 7. 1234567 - 124,253
  • 8. 111111 - 113,884
  • 9. photoshop - 83,411
  • 10. 123123 - 82,694
  • 11. 1234567890 - 76,910
  • 12. 000000 - 76,186
  • 13. abc123 - 70,791
  • 14. 1234 - 61,453
  • 15. adobe1 - 56,744
  • 16. macromedia - 54,651
  • 17. azerty - 48,850
  • 18. iloveyou - 47,142
  • 19. aaaaaa - 44,281
  • 20. 654321 - 43,670

Of course, "123456" and "password" are at the top of the list, as they so often are. And whoever used "macromedia"--a throwback to the origins of Flash and Dreamweaver--probably thought they were being pretty clever.

If you're scratching your head over the apparent stupidity of the Adobe-using public, take comfort in the fact that the top 20 passwords only account for roughly 3% of the 130,324,429 Adobe user accounts Gosney was able to obtain. The vast majority of people are using passwords that are at least somewhat unique.

Adobe confirmed the security breach on October 3, revealing that hackers stole 2.9 million encrypted credit card numbers and expiration dates. A few weeks later, Krebs on Security reported that hackers stole login information for at least 38 million active users, and possibly more than 150 million total accounts (including inactive IDs and test accounts).

Hackers also made off with some of Adobe's source code for programs including Photoshop. Security experts have warned that the theft could reveal Adobe's vulnerabilities and security schemes, leading to a new generation of malware, viruses and exploits. Laugh it up while you can.

This story, "123456: Millions of Adobe hack victims used horrible passwords" was originally published by PCWorld.

Top 10 Hot Internet of Things Startups
Join the discussion
Be the first to comment on this article. Our Commenting Policies