Certifications / Security

Leaky Logins: 50,000 Passwords Exposed

by Team Nuggets
Leaky Logins: 50,000 Passwords Exposed picture: A
Follow us
Published on December 6, 2016

According to a 2014 Gallup survey, Americans fear being hacked more than they fear any other crime. We're worried about our credit card information, our medical records, our email, and our personal information, and with good reason.

In 2014, more than one billion personal records were illegally accessed.

In 2016, Yahoo disclosed that hackers stole personal information from more than 500 million accounts.

So the question is: How vulnerable are you? Are your passwords secure? Is your personal information under wraps?

To gain some insight, we examined 50,000 emails and passwords that were leaked online. We analyzed passwords for root words and easy-to-guess elements.

Here's what we learned.

The 30 Most Common Passwords

In the 50,000 passwords we analyzed, the most commonly used words were love, star, girl, angel, rock, miss, hell, Mike, and John. Because one of the ways hackers steal passwords is by using commonly used words, we recommend steering clear of these popular terms or even better, using nonsense words and letter-number combinations.

So, who's vulnerable to these hacks?

Using Names in Your Passwords Is a No-No

Perhaps unsurprisingly, the most common names of those hacked are also, well, some of the most common names in America with Mike/Michael, Chris/Christopher, John/Jonathan, and Dave/David leading the pack.

Men were slightly more prone to being hacked, based on our info. And interestingly, those aged 25 to 34 were four times more likely to be hacked than any other demographic. They also happen to be the men most likely to be named Mike, Chris, John, or Dave.

According to Business Insider, millennials grew up with a third parent: The Internet. But perhaps they weren't spoon-fed online security tips from an early age.

And, interestingly, some states are more secure than others.

Are Some States More Secure Than Others?

According to the data, the answer is yes.

Hawaii was home to most of our leaked passwords, with an average of 28.71 leaks per 100,000 residents. That's more than six times the national average (4.67) and a 58 percent increase from the next riskiest state (California, at 18.18).

Of course, Hawaii isn't the only state with a higher-than-average risk. Based on our analysis, 15 states carry that distinction. Hawaii tops the list, but California and Nevada are more than double the national average, and Washington and New York aren't far behind.

Password Faux Pas: Who's Using Their Own Names?

Ifusing personal data in a password is a big no-no, using your own name is an even worse mistake. Granted, there are still worse passwords out there. Some people still think 1234567890 is a good choice. If it's not good enough for your luggage, why would it be good enough for your bank account?

Although many users know that name-password combinations are insecure, more than 42 percent of those 50,000 leaked passwords still included usernames, passwords, or real names. The worst offenders?

People who are named Amy, Lisa, Scott, Mark, or Laura.

Of course, while Amys and Lisas may be the worst offenders in the name-in-my-password bunch, overall, men are actually more likely than women to fall into this trap, 20 of the top 25 biggest offenders on the list were typical male names.

Perhaps unsurprisingly, the most common names of those hacked are also more common names in general. John, Michael, and Joseph are among the most common first names in the country.

Is Your Email Provider Secure?

When it comes to leaked passwords, which email providers have had the most breaches?

Based on our data, the answer is Yahoo by a large margin. (Yahoo had almost three times as many hacked emails as any other email provider on our list.)

The next most commonly hacked email provider was Hotmail, followed by Gmail.

The least hacked email provider was internet veteran AOL, despite the fact that AOL users were actually the most likely of any users on our list to use passwords containing part of their name.

Keeping Your Emails and Data Safe

The truth is that hacking techniques are more sophisticated than ever before. According to cybersecurity expert Misha Glenny, there aren't any companies that haven't been hacked, there are just companies that know about the hacks and companies that don't.

So what can you do? First, you can learn from the mistakes in the data we examined.

Don't use your name, your pet's name, or your best friend's name in your password. Don't use common words.

Instead, come up with random, difficult-to-guess combinations of letters, numbers, and characters.

Or even better, use a trusted password service like LastPass.

Change your passwords often, pay attention when a service you use is hacked (when the press reports a Yahoo hack, it's time to change your password), and educate yourself about the latest security options.

And of course, you can always take a training course on security to better understand how to protect yourself.

Start your free week with CBT Nuggets today!

Train anytime, anywhere, and even offline. Download the CBT Nuggets app:

iOS Android

Methodology

For this blog post, we searched the web for leaked emails and passwords to find out more about the demographics of people who have had their information revealed on the internet. We analyzed about 50,000 emails using the fullcontact.com/ API, which gave us information on users' genders, ages, names, and locations.

We then analyzed passwords using a dictionary list to determine which root words were most common among these passwords.

In addition, we cross-referenced user passwords, matching username, first name, or last name, to determine if some form of "common knowledge" was used within a user's password.

Sources

https://www.gallup.com/poll/178856/hacking-tops-list-crimes-americans-worry.aspx

www.zdnet.com/pictures/biggest-hacks-security-data-breaches-2015

https://fortune.com/2016/09/22/yahoo-hack-qa

www.maketecheasier.com/4-ways-hackers-steal-your-passwords

https://fortune.com/2016/01/20/passwords-worst-123456

www.ted.com/talks/misha_glenny_hire_the_hackers/transcript?language=en

https://lastpass.com

https://www.businessinsider.com/the-internet-is-every-millennials-third-parent-2016-4

Intrigued?

Share this with your followers in a non-commercial way, and connect it back to the original article.


Ultimate Security Cert Guide

By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.


Don't miss out!Get great content
delivered to your inbox.

By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.

Recommended Articles

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

© 2024 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522