Don’t pick an obvious password might seem like an obvious piece of advice.
But despite security warnings a shocking number of internet users continue to use some of the most blatant letter and number combinations.
In the wake of a security breach at Yahoo a Slovakian IT security company has released a list of the most commonly used passwords for hacked accounts.
ESET carried out a study of the almost half a million account details leaked online by an unknown hacker group, as reported by Yahoo News.
Analysts found that almost 1,700 (0.38%) of the hacked accounts were protected with the password ‘123456’, while 780 users opted for ‘password’.
In 2011 ‘password’ was the most commonly used password, according to password management application maker SpashID.
Also in the top 10 were ‘welcome’, ‘abc123’ and ‘qwerty’. They are easy to remember but also very easy to guess.
ESET advised in a statement: ‘Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their account.’
The security breach happened on Wednesday when a hacker group has posted online the details of 450,000 user accounts and passwords it claimed to have stolen from a Yahoo server.
Anyone who is concerned an account was compromised in the Yahoo attack can visit security company Sucuri’s online check at labs.sucuri.net/?yahooleak.
The Ars Technica technology news website reported that the group, which calls itself D33DS Company, hacked into an unidentified subdomain of Yahoo’s website where they retrieved unencrypted account details.
A Yahoo spokesperson declined to comment.
The affected accounts appeared to belong to a voice-over-Internet-protocol, or VOIP, service called Yahoo Voices, which runs on Yahoo’s instant messenger.
The Voices service is powered by Jajah, a VOIP platform that was bought by Telefonica Europe BV in 2010.
The hackers’ website where the original claim was made, d33ds.co, was not available later on Thursday.
It was registered in February. Industry website CNET reported the hackers as saying the breach was intended as a ‘wake-up call and not as a threat’ and that Yahoo’s security was lax.
The Voices hack is one of several in recent months.
The business networking service LinkedIn admitted last month that 6.4 million member passwords had been stolen from its website.